
ACL and ObjectClass


In the slapd.access(5) manpage there's a text that says

'The statement attrs=<attrlist> selects the attributes the access control rule applies to. It is a comma-separated list of attribute types, plus the special names entry, indicating access to the entry itself, and children, indicating access to the entry's children. ObjectClass names may also be specified in this list, which will affect all the attributes that are required and/or allowed by that objectClass. Actually, names in <attrlist> that are prefixed by @ are directly treated as objectClass names. A name prefixed by ! is also treated as an objectClass, but in this case the access rule affects the attributes that are not required nor allowed by that objectClass'.

This means if I have an ACL like:

access to attrs=!posixAccount by * read

Only the attributes required and/or allowed by objectClass posixAccount would be read by anyone, right?
I tried this but it does not work.

      .~.    Gessy Caetano da Silva Júnior
     / v \   Laboratório de Computação Científica
    /(   )\  LCC/CENAPAD 	Tel: 3499-5389
     ^^-^^   Universidade Federal de Minas Gerais
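
The attrlist rules in the slapd.access(5) text quoted above, modelled as an added example (not part of the original post and not OpenLDAP code) that lists which attributes of an entry a rule selects for the plain, `@` and `!` forms. Assumptions: the posixAccount attribute sets are taken from RFC 2307, the function names and the sample entry are constructed, and inherited object classes and the special names `entry` and `children` are not modelled.

```python
# Simplified model of attrs=<attrlist> selection as described in slapd.access(5).
# Assumption: schema data is posixAccount as defined in RFC 2307 (nis.schema).
OBJECT_CLASSES = {
    "posixaccount": {
        "must": {"cn", "uid", "uidNumber", "gidNumber", "homeDirectory"},
        "may": {"userPassword", "loginShell", "gecos", "description"},
    },
}


def class_attrs(name):
    """Lower-cased attributes required and/or allowed by an objectClass."""
    oc = OBJECT_CLASSES[name.lower()]
    return {a.lower() for a in oc["must"] | oc["may"]}


def rule_covers(attrlist, attr):
    """True if 'access to attrs=<attrlist>' selects the attribute attr."""
    attr_l = attr.lower()
    for item in (i.strip() for i in attrlist.split(",")):
        if item.startswith("!"):
            # '!' form: attributes NOT required nor allowed by the class
            if attr_l not in class_attrs(item[1:]):
                return True
        elif item.startswith("@"):
            # '@' form: name is treated directly as an objectClass
            if attr_l in class_attrs(item[1:]):
                return True
        elif item.lower() in OBJECT_CLASSES:
            # bare objectClass name behaves like the '@' form
            if attr_l in class_attrs(item):
                return True
        elif item.lower() == attr_l:
            # plain attribute type
            return True
    return False


def covered(attrlist, entry_attrs):
    """Sorted attributes of an entry that the rule applies to."""
    return sorted(a for a in entry_attrs if rule_covers(attrlist, a))


# Constructed sample: attribute types present on one user entry.
ENTRY_ATTRS = ["cn", "uid", "uidNumber", "gidNumber", "homeDirectory",
               "loginShell", "userPassword", "mail", "sn"]

if __name__ == "__main__":
    for rule in ("!posixAccount", "@posixAccount", "posixAccount,mail"):
        print(f"attrs={rule:20} -> {covered(rule, ENTRY_ATTRS)}")
```

In this model the `@posixAccount` form selects `userPassword` as well, because that attribute is allowed by the class, so a `by * read` clause on it needs a more restrictive rule for `userPassword` placed earlier in the ACL list.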