Re: grant access on a attribute specific value

[Gavin Henry <ghenry@OpenLDAP.org>]

Pierangelo Masarati wrote:
> Fabrice Eudes wrote:
>
> > Pierangelo Masarati a écrit :
> > > if access depends on values in the "who", use sets; in your case,
> > > something like
> > >
> > > access to dn="cn=foo,ou=groups,dc=example,dc=com"
> > >     attrs=cn,description,memberUid,entry by
> > >     set="[ldap:///ou=people,dc=example,dc=com?1.1?sub?(&(objectClass=inetOrgPerson)(employeeType=chief))]/entryDN
> > > & user" write
> > wow ! no chance I could find that on my own, especially because the
> > slapd.access manpage says « The statement set=<pattern> is undocumented
> > yet. » :-)
>
> The only documentation is in
> <http://www.openldap.org/faq/data/cache/1133.html>.

We have 2 complete examples and docs waiting in:

(ITS#5281) doc contribution - set examples - following references

I just haven't decided where they should go...whether in the slapd* 
sections or a new ACL section. I prefer the later.

--
Kind Regards,

Gavin Henry.
OpenLDAP Engineering Team.

E ghenry@OpenLDAP.org

Community developed LDAP software.

http://www.openldap.org/project/