[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: acl question

To: jbodnar@tivoli.com
Subject: Re: acl question
From: "Kurt D. Zeilenga" <kurt@boolean.net>
Date: Thu, 28 Oct 1999 09:35:11 -0700
Cc: openldap-software@OpenLDAP.org
In-reply-to: <XFMail.991027142047.jbodnar@tivoli.com>

At 02:20 PM 10/27/99 -0500, Jason Bodnar wrote:
>Is this possible?

In general, no.  The access control system does not support
arbitrary joins.

The access control system, however, does support a mechanism
to support manager relations through dn attributes such as
'owner' (as defined by RFC).

access to *
	by self write
	by dnattr=owner write
	by dn=".+" read
	by * none

would grant each user write access to their entry and
any entry they own (and read access to bound users and
no access to anonymous users).





----
Kurt D. Zeilenga		<kurt@boolean.net>
Net Boolean Incorporated	<http://www.boolean.net/>

References:
- acl question
  - From: Jason Bodnar <jbodnar@tivoli.com>

Prev by Date: Re: help with ACL
Next by Date: Cross-server bind
Index(es):
- Chronological
- Thread