Re: FURPA - HIPA - Filter help -- ACL
Sun, 2003-02-16 at 16:12, Some LDAP Admin wrote:
> I was wondering how people are setting up their LDAP directory
> to include both viewable data and non-viewable data.
> The FERPA law, which applies to all schools in the US, requires this.
More or less every grown-up DIT would.
> How would you do something like this with LDAP ?
Have you tried splitting the acl at the point that you want privacy?
With a pencil and paper?
That's the way I do it. To the left self can write, everybody can read,
to the right not - or you can define what you want to allow..
access to dn="cn=person,ou=people,dc=somecoll,dc=edu"
        by self write
        by dn="ou=people,dc=somecoll,dc=edu" read
(implies "by everybody else, forget it")
I can go deeper and deeper, but don't particularly want to here. You can
use regexes and all that kind of thing, namely, and it begins to get
When you rob a person of his illusions,
you are robbing him of his happiness
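
An added example, not part of the original message: a slapd.conf fragment that applies the split described above per attribute, so that a short list of directory attributes is readable by anyone while everything else under ou=people stays with the entry owner and other people entries. The attribute list is an assumption chosen for illustration, and the `attrs=` and `dn.subtree=` forms are those of later OpenLDAP 2.x releases.

```conf
# slapd evaluates access rules top-down: the first "access to <what>" that
# matches the entry/attribute is used, then the first matching "by" clause.
# Every rule ends with an implicit "by * none", which is the
# "everybody else, forget it" part of the message above.

# Too broad when private data lives in the tree (shown only for contrast):
#   access to * by * read

# 1. Credentials: the owner may change them, anonymous may only bind.
access to dn.subtree="ou=people,dc=somecoll,dc=edu" attrs=userPassword
        by self write
        by anonymous auth
        by * none

# 2. Viewable side of the split (assumed attribute list). "entry" has to be
#    listed, otherwise the entry itself is not returned to the client.
access to dn.subtree="ou=people,dc=somecoll,dc=edu" attrs=entry,objectClass,cn,sn,mail
        by * read

# 3. Non-viewable side: every other attribute under ou=people.
access to dn.subtree="ou=people,dc=somecoll,dc=edu"
        by self write
        by dn.subtree="ou=people,dc=somecoll,dc=edu" read
        by * none
```

Order matters here: moving rule 3 above rule 2 would make it match first and hide the public attributes from anonymous clients as well.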