[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: OpenLDAP 2.1 and ACL


I'd like to give different access rights to attributes, depending on a 'group id'.

Schema example

dn: uid=joe.user1,o=anorg,c=us
uid: joe.user1
gid: 8
cn: Joe User1
maildrop: joe.user1@somewhere.com

dn: uid=joe.user2,o=anorg,c=us
uid: joe.user2
gid: 16
cn: Joe User2
maildrop: joe.user2@somewhere.com

I'd like to give different access rights depending on the 'gid' value.

gid>=10, user can write maildrop and cn
gid>=2, user can write maildrop, but can only read cn

What kind of ACL rules can I use to implement this kind of control ?
Is there some rules for <who> that will be something like "by filter = (group>=8)" ... ??