[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: apping ACLs to groupmembers

On Sun, Mar 06, 2005 at 09:50:55AM +0100, Dieter Kluenter wrote:
> Andreas Schuldei <andreas@schuldei.org> writes:
> > * Dieter Kluenter (dieter@dkluenter.de) [040117 17:44]:
> >> Andreas Schuldei <andreas@schuldei.org> writes:
> >> If you are looking for access control not based on subtrees but on
> >> entries you should try aci's.
> >
> > this has become a issue again and still needs solving.
> >
> > to clarify: 
> >
> > members in group A can write to certain attributes of entries in group B.
> > members in group C can write to certain attributes of entries in group A and B.
> >
> > the groups are hybrids of posixGroup and groupOfNames.
> Read man slapd.access(5), there are some samples on attributelists.
> Furthermore this could be achieved with set, for sample configuration
> search the the archive, as Ando has mailed a few examples lately. The
> following faqs may help as well.

i tried and think the search engine is not playing along:

can you please give some more search phrases to use?

> http://www.openldap.org/faq/data/cache/1133.html
> http://www.openldap.org/faq/data/cache/1134.html

i am reading up on sets now, but dont see yet how they can help
me to limit access based on group membership in the subject and
the object. note that i mean user's membership in posixGroups or
groupOfNames here.