[Date Prev][Date Next] [Chronological] [Thread] [Top]

ACL and multiple mandatory conditions

To: openldap-software@openldap.org
Subject: ACL and multiple mandatory conditions
From: manu@netbsd.org (Emmanuel Dreyfus)
Date: Sat, 7 Mar 2009 07:39:50 +0100
User-agent: MacSOUP/2.7 (unregistered for 777 days)

Hello

The goal is to give access to a ressource based on two mandatory
conditions.

I want user DN to match a rule, and attribute value to match another
rule, which depends on the user

This yields me two rules. The first one allow a user that has a given ou
in ouManager set to modify the authorizedService in this ou. I did not
test the second one yet, but the idea is that the user has a
serviceManager attribute telling which value of authorizedService he is
allowed to set.

access to dn.regex="^uid=.+,ou=.+,o=home$" attrs=authorizedService
    by set.exact="user/ouManager & this/-1" write stop

access to attrs.regex=authorizedService val.regex="(.*)"
    by set="user/serviceManager & ${v1}" write stop

But I need to perform a AND between the two rules. How can that be done?

-- 
Emmanuel Dreyfus
http://hcpnet.free.fr/pubz
manu@netbsd.org

Follow-Ups:
- Re: ACL and multiple mandatory conditions
  - From: Howard Chu <hyc@symas.com>

Prev by Date: Re: set ACL specification/syntax
Next by Date: Re: ACL and multiple mandatory conditions
Index(es):
- Chronological
- Thread