[Date Prev][Date Next]
Re: ACL based on user attibute
Steve Slater wrote:
Back in 2001, Pierangelo answered that OL can not have an ACL based
on the value of an attribute of a bound user.
Has anything changed where this might be possible or anyone have
some good work-arounds? Something like:
Then an ACL of:
access to * by (anyone with myattribute=special) write
Yes, using "sets" <http://www.openldap.org/faq/data/cache/1133.html>,
with something like
access to *
by set="user/myattribute & [special]" write
or, if the attribute is a DN, with the "dnattr" clause. See
slapd.access(5) for details.
SysNet - via Dossi,8 27100 Pavia Tel: +390382573859 Fax: +390382476497