
Re: ACL based on user attribute





--On Saturday, January 29, 2005 1:02 AM -0800 Steve Slater <slater@nuc.berkeley.edu> wrote:

> Hi,
>
> Back in 2001, Pierangelo answered that OL can not have an ACL based
> on the value of an attribute of a bound user.
>
> http://www.openldap.org/lists/openldap-software/200108/msg00331.html
>
> Has anything changed where this might be possible or anyone have
> some good work-arounds? Something like:
>
> dn: uid=user,dc=me,dc=com
> <user stuff...>
> myattribute: special
>
> Then an ACL of:
>
> access to * by (anyone with myattribute=special) write

Sure, you can make a dynamic group based off of that attribute, and then give that group write access. This is available in OL 2.2.


--Quanah

--
Quanah Gibson-Mount
Principal Software Developer
ITSS/Shared Services
Stanford University
GnuPG Public Key: http://www.stanford.edu/~quanah/pgp.html

"These censorship operations against schools and libraries are stronger
than ever in the present religio-political climate. They often focus on
fantasy and sf books, which foster that deadly enemy to bigotry and blind
faith, the imagination." -- Ursula K. Le Guin
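
The dynamic-group approach described in the reply, sketched as an added example that is not part of the original message. The group DN `cn=special,ou=groups,dc=me,dc=com` and the use of the `groupOfURLs` class from OpenLDAP's `dyngroup.schema` are assumptions; `dc=me,dc=com` and `myattribute` come from the question.

```ldif
# --- slapd.conf (shown as comments so the whole example is one block) ---
#
# include /etc/openldap/schema/dyngroup.schema   # path is an assumption
#
# Rule order matters: slapd stops at the first "access to" clause that
# matches the target. Lock down the attribute that drives membership
# first; otherwise anyone able to write myattribute on an entry could
# place that entry in the privileged group.
#
# access to attrs=myattribute
#     by * read
#
# Everything else: write access for entries matched by the dynamic group.
# The "by * read" fallback is an assumption; without it, non-members get
# no access at all.
#
# access to *
#     by group/groupOfURLs/memberURL="cn=special,ou=groups,dc=me,dc=com" write
#     by * read

# --- Directory entry defining the dynamic group (hypothetical DN) ---
# Membership is not stored; it is computed from the LDAP URL, which here
# selects every entry under dc=me,dc=com with myattribute=special.
dn: cn=special,ou=groups,dc=me,dc=com
objectClass: groupOfURLs
cn: special
memberURL: ldap:///dc=me,dc=com??sub?(myattribute=special)
```

Because the second rule covers `*`, group members can also modify the group entry and its `memberURL`; a narrower target than `*`, or a separate rule protecting `ou=groups`, keeps the membership filter itself out of their reach.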