[Date Prev][Date Next]
Re: filter in ACL?
Bing Du wrote:
> Does openldap support the similar approach as NDS does below?
> aci: (target="ldap:///dc=tamu,dc=edu")
> (targetattr = "homephone")
> (version 3.0; acl "do not show users' homephone";
> userdn = "ldap:///anyone";)
> So the server can react differently depending on how users set the
> homephonesuppress attribute in their entries. Specifically, if the
> homephonesuppress is set to 'true', than the value in the attribute
> homephone is visible to nobody. Otherwise, it's visible to the public.
I think you'll get about what you need by using:
access to filter="(homephonesuppress=true)",attrs=homephone
by * read
access to attrs=homephone
by * none
Dr. Pierangelo Masarati | voice: +39 02 2399 8309
Dip. Ing. Aerospaziale | fax: +39 02 2399 8334
Politecnico di Milano | mailto:firstname.lastname@example.org
via La Masa 34, 20156 Milano, Italy |