[Date Prev][Date Next] [Chronological] [Thread] [Top]

Access control

Hello everyone,

I'm trying to see if/how the following access controls could be written:

1. Allow * to read attributes (name, email, phonenumber) in entries in the "cn=people,dc=uta,dc=edu" subtree *IF* attribute viewableAttributes=email.
(I can understand how to do this for the most part except for the *IF* condition).

2. Allows write access to users who have the attribute userPrivs=admin.

I'm having problems constructing these. I can do much simpler ones quite easily using the information on the man slapd.access. But these ones are a bit too tough for me to figure out. Any ideas?

-- DK