[Date Prev][Date Next]
Re: OpenLDAP 2.1 and ACL
> Emmanuel Blot writes:
>> I'd like to give different access rights depending on the 'gid' value.
>> gid>=10, user can write maildrop and cn
>> gid>=2, user can write maildrop, but can only read cn
>> What kind of ACL rules can I use to implement this kind of control ?
>> Is there some rules for <who> that will be something like "by filter =
>> (group>=8)" ... ??
> I don't see how. Both filter= and attrs= are in the <what> part of
> ACLs, and I don't think <what> can have several components.
> I think you'll have to use ACIs.
By using "break" one can have ACL checking continues to other
access statements; if you can write several <what> parts that
end up in what you need, then it's done (but it's still a