[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: Q: "negative" attribute list?

To: Heiko Nardmann <h.nardmann@secunet.de>
Subject: Re: Q: "negative" attribute list?
From: Pierangelo Masarati <masarati@aero.polimi.it>
Date: Tue, 20 Mar 2001 17:00:18 +0100
Cc: openldap-software@OpenLDAP.org
Organization: Dipartimento di Ingegneria Aerospaziale
References: <0103201457380B.05582@snsrv053>

Heiko Nardmann wrote:

> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> As far as I have understood the ACL syntax you can only define "positive"
> attribute lists to be accessed or not. I am currently in need of some
> "negative" list, i.e., I want to express that somebody can access any
> attribute except some special ones, so "all except attr1 attr2 attr3 ...".
>
> Is this already possible and I am missing something?

Nope (at least to my knowledge ...:). All you can do is something like

# ...
access to attrs=attr1,attr2,attr3
    by * none

access to *
    by * read


--
Dr. Pierangelo Masarati               | voice: +39 02 2399 8365
Dip. Ing. Aerospaziale                | fax:   +39 02 2399 8334
Politecnico di Milano                 | mailto:masarati@aero.polimi.it
via La Masa 34, 20156 Milano, Italy   | http://www.aero.polimi.it/~masarati

Prev by Date: Re: LDAP authentication over SSL with openldap 2.0.7
Next by Date: RE: UW-IMAP auth via PAM & LDAP
Index(es):
- Chronological
- Thread