Combined ACL with filter and without?

One of those pesky ACL questions again :-)

I'm trying to come up with an ACL in which I can
restrict access to an attribute like this:
- (authenticated) self must be able to write
- only if an attribute called flags has at least a value
  of 1, anonymous queries can be granted read permission

In other words a kind of combination of the two ACLs below:

access  to dn=".*,o=MyOrg,c=MyCountry" attr=mail
        by self write
        by * none
access  to dn=".*,o=MyOrg,c=MyCountry" filter=(flags>=1) attr=entry
        by * read

How can this be made possible?


| Albert Siersema aka loonatic | There are no deadlines any deadlier  |
|                              |  nor limits more limiting than those |
|          albert@friendly.net |  we set (for) ourselves         (la) |