[Date Prev][Date Next]
I would like to give read access for all to objectclass=posixAccount,
except for the attribute description (covered by FERPA).
For now, I accomplish that by:
access to attr=description
by * none
access to attr=posixAccount
by * read
It would be nice if I could do something like:
access to attr=posixAcount,!attr=description
access to attr=posixAccount,attr=uid,attr=gecos,etc..
leaving off description to accomplish this.
Is there anything like this possible?
Senior Systems Administrator
GnuPG Public Key: http://www.stanford.edu/~quanah/pgp.html