Re: Let logged-in users see their accounts
> I am using OpenLDAP 2.2.15 on RHES3.
> I would like to let an account see its own attributes and what groups it
> belongs to, but not be able to view other accounts or groups that it does
> not belong to. This is a requirement of how a lot of applications work
> (e.g., they look at the account you login as and check which groups you
> belong to).
> access to dn.subtree="uid=[self],ou=Accounts,dc=xxx"
> by self read
access to dn.regex="^uid=([^,]+),ou=Accounts,dc=xx$"
    by dn.exact,expand="uid=$1,ou=accounts,dc=xx" write
    by * none
> access to dn.subtree="cn=[in-this-group],ou=Groups,dc=xxx"
> by self-in-group read
> I have been reviewing slapd.access but haven't seen a solution so far. I'm
> not sure if there is one.
Dieter Klünter | Systemberatung
GPG Key ID:01443B53
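
The rule in the reply above depends on slapd substituting the regex capture `$1` into the `by` clause. The following Python model is an added example, not part of the original message or of OpenLDAP; it reduces DN normalization to case-insensitive string comparison, and the names `acl_level`, `CAPTURE_WHOLE` and `CAPTURE_ONE_CHAR` are hypothetical. It shows why the parentheses must enclose the `+` quantifier for the rule to be self-only.

```python
import re

# Constructed sample DNs and the "who" template from the rule above.
WHO = "uid=$1,ou=accounts,dc=xx"
ALICE = "uid=alice,ou=Accounts,dc=xx"
BOB = "uid=bob,ou=Accounts,dc=xx"

# Group encloses the quantifier: $1 is the whole uid value.
CAPTURE_WHOLE = r"^uid=([^,]+),ou=Accounts,dc=xx$"
# Quantifier outside the group: $1 is only the last character matched.
CAPTURE_ONE_CHAR = r"^uid=([^,])+,ou=Accounts,dc=xx$"


def acl_level(target_dn, bound_dn, pattern, who_template=WHO):
    """Model one rule of the form
         access to dn.regex=<pattern>
             by dn.exact,expand=<who_template> write
             by * none
    Returns "write" or "none", or None when the rule does not select
    target_dn (slapd would then go on to the next rule)."""
    m = re.search(pattern, target_dn, re.IGNORECASE)
    if m is None:
        return None
    # Expand $1..$9 with the text captured from the target DN.
    expanded = re.sub(r"\$(\d)", lambda g: m.group(int(g.group(1))), who_template)
    if bound_dn is not None and bound_dn.lower() == expanded.lower():
        return "write"   # bound DN equals the expanded DN
    return "none"        # falls through to "by * none"


if __name__ == "__main__":
    cases = [
        ("owner, whole-value capture", ALICE, ALICE, CAPTURE_WHOLE),
        ("other user, whole-value capture", ALICE, BOB, CAPTURE_WHOLE),
        ("anonymous, whole-value capture", ALICE, None, CAPTURE_WHOLE),
        ("owner, one-char capture", ALICE, ALICE, CAPTURE_ONE_CHAR),
        ("child entry, whole-value capture",
         "cn=x,uid=alice,ou=Accounts,dc=xx", ALICE, CAPTURE_WHOLE),
    ]
    for label, target, bound, pattern in cases:
        print(f"{label:35s} -> {acl_level(target, bound, pattern)}")
```

With the one-character capture, `$1` expands to `e` for `uid=alice`, so the owner is denied and the rule compares against an unrelated DN.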