[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: OpenLDAP 2.1 and ACL

To: Emmanuel Blot <emmanuel.blot@free.fr>
Subject: Re: OpenLDAP 2.1 and ACL
From: Hallvard B Furuseth <h.b.furuseth@usit.uio.no>
Date: Tue, 21 Jan 2003 14:38:08 +0100
Cc: openldap-software@OpenLDAP.org
In-reply-to: <013f01c2bfe5$fa31f830$0f06a8c0@oulx>
References: <016801c2ba8c$5f5cf2f0$0f06a8c0@oulx> <HBF.20030113kanr@bombur.uio.no> <013f01c2bfe5$fa31f830$0f06a8c0@oulx>

Emmanuel Blot writes:
> I'd like to give different access rights depending on the 'gid' value.
> 
> gid>=10, user can write maildrop and cn
> gid>=2, user can write maildrop, but can only read cn
> 
> What kind of ACL rules can I use to implement this kind of control ?
> Is there some rules for <who> that will be something like "by filter =
> (group>=8)" ... ??

I don't see how.  Both filter= and attrs= are in the <what> part of
ACLs, and I don't think <what> can have several components.
I think you'll have to use ACIs.

-- 
Hallvard

Follow-Ups:
- Re: OpenLDAP 2.1 and ACL
  - From: "Pierangelo Masarati" <ando@sys-net.it>
- Re: OpenLDAP 2.1 and ACL
  - From: "Emmanuel Blot" <emmanuel.blot@free.fr>

References:
- OpenLDAP 2.1 and filters
  - From: "Emmanuel Blot" <emmanuel.blot@free.fr>
- Re: OpenLDAP 2.1 and filters
  - From: Hallvard B Furuseth <h.b.furuseth@usit.uio.no>
- Re: OpenLDAP 2.1 and ACL
  - From: "Emmanuel Blot" <emmanuel.blot@free.fr>

Prev by Date: unable to install openldap 2.1
Next by Date: Re: OpenLDAP 2.1 and ACL
Index(es):
- Chronological
- Thread