[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: acl question

At 02:20 PM 10/27/99 -0500, Jason Bodnar wrote:
>Is this possible?

In general, no.  The access control system does not support
arbitrary joins.

The access control system, however, does support a mechanism
to support manager relations through dn attributes such as
'owner' (as defined by RFC).

access to *
	by self write
	by dnattr=owner write
	by dn=".+" read
	by * none

would grant each user write access to their entry and
any entry they own (and read access to bound users and
no access to anonymous users).

Kurt D. Zeilenga		<kurt@boolean.net>
Net Boolean Incorporated	<http://www.boolean.net/>