[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: Access control by attribute value of bound user?

To: openldap-software@openldap.org
Subject: Re: Access control by attribute value of bound user?
From: "Dieter Kluenter" <dieter@dkluenter.de>
Date: Wed, 09 Jul 2008 16:08:04 +0200
In-reply-to: <48748B58.7000205@valan.net> (Vladimir Dzhuvinov's message of "Wed, 09 Jul 2008 12:56:40 +0300")
References: <48748B58.7000205@valan.net>
User-agent: Gnus/5.1008 (Gnus v5.10.8) XEmacs/21.5-b28 (linux)

Hi,

Vladimir Dzhuvinov <vd@valan.net> writes:

> Hello,
>
> I had a look at the OpenLDAP docs and it looks like it isn't possible
> to define access based on an attribute value of a bound user. Is this
> correct?
>
> I use slapd version 2.4.9 (Debian/Linux).

This is possible by defining sets
http://www.openldap.org/faq/data/cache/1133.html

something like
access to dn.regex="cn=([^,]),dc=example,dc=com$"
       by set.regex="[cn=$1,dc=example,dc=com /attribute type &
       [attribute value]" 

-Dieter

-- 
Dieter Klünter | Systemberatung
http://www.dkluenter.de
GPG Key ID:8EF7B6C6
53°08'09,95"N
10°08'02,42"E

Follow-Ups:
- Re: Access control by attribute value of bound user?
  - From: Vladimir Dzhuvinov <vd@valan.net>

References:
- Access control by attribute value of bound user?
  - From: Vladimir Dzhuvinov <vd@valan.net>

Prev by Date: Re: Access control by attribute value of bound user?
Next by Date: OpenLDAP 2.4.10 inconsistent performance
Index(es):
- Chronological
- Thread