[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: <what> in ACL defined by set?

To: "Michael Ströder" <michael@stroeder.com>
Subject: Re: <what> in ACL defined by set?
From: masarati@aero.polimi.it
Date: Mon, 5 Mar 2012 22:20:57 +0100
Cc: "openldap-technical@openldap.org" <openldap-technical@openldap.org>
Importance: Normal
In-reply-to: <4F551740.4000004@stroeder.com>
References: <4F551740.4000004@stroeder.com>
User-agent: SquirrelMail/1.4.21

> HI!
>
> Is it possible to specify the <what> clause in an ACL with a set?

No.

> We have several applications and for each application there's a specific
> AUXILIARY object class for application-specific user attributes.
>
> So for each application I add ACLs like this:
>
> access to
>    dn.onelevel="ou=Users,dc=example,dc=org"
>    attrs=@app1User
>      by dn.subtree="cn=app1,ou=Systems,dc=example,dc=org" read
>      by * break
>
> Obviously I'd like to have one ACL which references an attribute
> specifying
> the auxiliary object class in the app's system entry. Is that possible?

I'm not sure I understand your question: is it that you would like to have
something like

    attrs=<attr>

with <attr> depending on the contents of the entry, or of another entry
resulting from the evaluation of some expression?

p.

Follow-Ups:
- Re: <what> in ACL defined by set?
  - From: Michael Ströder <michael@stroeder.com>

References:
- <what> in ACL defined by set?
  - From: Michael Ströder <michael@stroeder.com>

Prev by Date: production best-practices for cn=monitor
Next by Date: Re: <what> in ACL defined by set?
Index(es):
- Chronological
- Thread