[Date Prev][Date Next]
RE: Access List Example
Thanks, for your assistance.
Everythings working great..
One other question. I'm using the attr with multiple attributes
And it works great, but I noticed that there's also a attrs and I
Was wondering if there's any difference between the two, maybe
Todd M. Leone
Admin. Computing Services
University of Utah
From: M Butcher [mailto:firstname.lastname@example.org]
Sent: Wednesday, May 28, 2003 2:50 PM
To: Leone, Todd
Subject: Re: Access List Example
Here's an example of restricting access to general users, while allowing
the admin group (well, role, actually) to see them.
access to attr=description
by dn="cn=Manager,dc=mycompany,dc=com" write
by * none
The second 'by' specifies that "organizationalRole" is to be treated
like a group, and that group members are specified with "roleOccupant."
So, anyone listed as a roleOccupant in
"cn=Administrators,dc=mycompany,dc=com" will be given write access to
the description field.
There is more info somewhere in the Faq-O-Matic at openldap.org, I
On Wed, 2003-05-28 at 13:59, Leone, Todd wrote:
> I've been fighting with this all day and hopefully someone will share
> An example of their access list in regards to the following:
> Based upon group membership, display multiple attributes..
> For example:
> Uid=test,ou=people,o=suffix is in group employees
> So if test binds and searches, sn=smith
> The results will display employeeNumber, workphone, etc...
> But is someone else searches who's not in group employees
> employeeNumber, workphone will not be displayed....
> Any examples will be greatly
> Todd Leone
> University of Utah
M Butcher <email@example.com>