[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: OpenLDAP 2.1 and ACL

Emmanuel Blot writes:
> I'd like to give different access rights depending on the 'gid' value.
> gid>=10, user can write maildrop and cn
> gid>=2, user can write maildrop, but can only read cn
> What kind of ACL rules can I use to implement this kind of control ?
> Is there some rules for <who> that will be something like "by filter =
> (group>=8)" ... ??

I don't see how.  Both filter= and attrs= are in the <what> part of
ACLs, and I don't think <what> can have several components.
I think you'll have to use ACIs.