
syntax question for "access to"



In my slapd.conf I would like to restrict access ('write' in this case) to two anded clauses. I haven't been able to find anything yet in the documentation that explains the syntax for this, but I seem to remember an example on this list from some months ago that leads me to believe that this is possible.

Specifically, I want to grant write permission to myAttribute if and only if the person has bound as self *and* that person is coming from a specific IP. Here's my attempt at pseudo-coding it (almost certainly wrong):

access to attribute=myAttribute
       by [peername="ip=123.45.67.89:*"] and [self] write
       by * read
       by anonymous none


Can someone please tell me the correct syntax (and where it's documented if I missed it), or tell me that I'm misremembering and that this isn't an option. I'm using OpenLDAP 2.0.23.


thanks very much in advance,
~c
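
One way to write the rule asked about above, as an added example that is not part of the original post. It assumes that slapd requires every <who> field listed in a single "by" clause to match (a logical AND) and that peername is a regular expression tested against a peer string of the form IP=<address>:<port>; check both against slapd.conf(5) for the version in use.

```conf
# Added example (not from the original post): write access to myAttribute
# only for an entry bound as itself AND connecting from 123.45.67.89.
#
# Assumption: all <who> fields in one "by" clause must match together,
#   so "self" and "peername=..." on the same line act as a conjunction.
# Assumption: peername is a regular expression matched against the
#   connection's peer string, "IP=<address>:<port>".
#
# Pattern notes:
#   [.]  matches a literal dot (a bare "." would match any character).
#   ^    anchors the match at the start of the peer string.
#   :    after the last octet ends the address, so a longer address
#        that merely starts with the same digits does not match.
#
# Ordering notes: "by" clauses are checked top to bottom and evaluation
#   stops at the first clause that matches. "by anonymous none" therefore
#   has to come before "by * read"; placed after it, the anonymous rule
#   is never reached and anonymous clients get read access.
#
# Comments are kept above the directive because the indented lines below
#   are continuation lines of the single "access to" statement.
access to attr=myAttribute
        by self peername="^IP=123[.]45[.]67[.]89:" write
        by anonymous none
        by * read
```

With this ordering, an entry bound as itself from any other address fails the first clause and falls through to "by * read".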