[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: ACL based on user attibute

Steve Slater wrote:


Back in 2001, Pierangelo answered that OL can not have an ACL based
on the value of an attribute of a bound user.


Has anything changed where this might be possible or anyone have
some good work-arounds? Something like:

dn: uid=user,dc=me,dc=com
<user stuff...>
myattribute: special

Then an ACL of:

access to * by (anyone with myattribute=special) write

Yes, using "sets" <http://www.openldap.org/faq/data/cache/1133.html>, with something like

access to *
   by set="user/myattribute & [special]" write

or, if the attribute is a DN, with the "dnattr" clause. See slapd.access(5) for details.


   SysNet - via Dossi,8 27100 Pavia Tel: +390382573859 Fax: +390382476497