Re: access rule for multiple attributetypes



Kurt,

Thanks for the reply. Have you tried this method? Perhaps I am doing something wrong but it does not seem to work.

The following is from man slapd.access

    The statement attrs=<attrlist> selects  the  attributes  the
    access  control  rule  applies  to.  It is a comma-separated
    list of attribute types, plus the special names entry, indi-
    cating  access to the entry itself, and children, indicating
    access to the entry's children. ObjectClass names  may  also
    be  specified in this list, which will affect all the attri-
    butes that are required and/or allowed by that  objectClass.
    Actually,  names  in  <attrlist>  that are prefixed by @ are
    directly treated as objectClass names.  A name prefixed by !
    is  also  treated  as  an  objectClass, but in this case the
    access rule affects the attributes that are not required nor
    allowed by that objectClass.

I have defined an objectclass like this as a test

objectclass     ( BathObjectClass:8 NAME 'BathDOEPerson'
   DESC 'Allow ACL for bathdoe attributes'
   SUP top
   MAY ( bathdoepublications )
   )

and an ACL like this

access to attr=@bathdoeperson
      by self write
      by dn.base="cn=directory manager,o=bath.ac.uk" write
      by * none

Does this look correct to you?


--On 10 September 2004 14:07 -0700 "Kurt D. Zeilenga" <Kurt@OpenLDAP.org> wrote:


At 02:58 AM 9/10/2004, Paul Christie wrote:
I have about 30 attributes all with names starting with 'bathdoe' I need
to set an access rule in slapd.conf for all of them. Is there a way to
do this without repeating the rule many times?

You can define an auxiliary class which allows all these attributes, then use that class in your ACLs. See slapd.conf(5) for details.

It does not look as though it is possible to split the list of
attributes over more than one line so the number of attributes per
access statement is limited, especially if you want the statements to
look tidy.

Paul Christie
Bath University Computing Services




Paul Christie Bath University Computing Services
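
The attrs=<attrlist> selection rules quoted from slapd.access above, modelled in Python as an added example that is not part of the original message and is not OpenLDAP code. The function names and the small schema parser are assumptions made for illustration, the schema text is constructed from the objectclass posted in the message, and superior classes (SUP) are not followed.

```python
import re

# Constructed schema text, copied from the objectclass posted in the message.
SCHEMA = """
objectclass     ( BathObjectClass:8 NAME 'BathDOEPerson'
   DESC 'Allow ACL for bathdoe attributes'
   SUP top
   MAY ( bathdoepublications )
   )
"""

def parse_objectclasses(text):
    """Return {lowercased class name: {"must": set, "may": set}}."""
    classes = {}
    for block in re.split(r"(?im)^objectclass\s+", text)[1:]:
        name = re.search(r"NAME\s+'([^']+)'", block)
        if not name:
            continue
        entry = {"must": set(), "may": set()}
        for kind in ("MUST", "MAY"):
            # Accept both "MAY ( a $ b )" and the single-name form "MAY a".
            m = re.search(rf"\b{kind}\s+(?:\(([^)]*)\)|(\S+))", block)
            if m:
                names = (m.group(1) or m.group(2)).split("$")
                entry[kind.lower()] = {n.strip().lower() for n in names if n.strip()}
        classes[name.group(1).lower()] = entry
    return classes

def attr_selected(attrlist, attr, classes):
    """True if `attr` is selected by a comma-separated <attrlist>."""
    attr = attr.lower()
    for item in (i.strip().lower() for i in attrlist.split(",")):
        name = item.lstrip("@!")
        if item.startswith(("@", "!")) or name in classes:
            oc = classes.get(name)
            if oc is None:
                raise ValueError(f"unknown objectClass: {name}")
            in_class = attr in (oc["must"] | oc["may"])
            # "@name" or a bare class name selects the attributes the class
            # requires or allows; "!name" selects every other attribute.
            if in_class != item.startswith("!"):
                return True
        elif item == attr:  # plain attribute type, or "entry"/"children"
            return True
    return False
```
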