ACL question

I would like to give read access for all to objectclass=posixAccount, except for the attribute description (covered by FERPA).

For now, I accomplish that by:

access to attr=description
	by * none

access to attr=posixAccount
	by * read

It would be nice if I could do something like:
access to attr=posixAccount,!attr=description
access to attr=posixAccount,attr=uid,attr=gecos,etc..

leaving off description to accomplish this.

Is anything like this possible?


Quanah Gibson-Mount
Senior Systems Administrator
ITSS/TSS/Computing Systems
Stanford University
GnuPG Public Key: http://www.stanford.edu/~quanah/pgp.html