[Date Prev][Date Next]
Re: Access per Attribute Definition based on ACL
Gary C. New writes:
> Is it possible to construct an ACL to allow/disallow a specific
> attribute from being access by another user based on a subsequent
> attribute in the same entry? (...)
> postalAddress: 12 Sampson St
> hidePostalAddress: TRUE
Something like this:
access to filter=(hidePostalAddress=TRUE) attrs=postalAddress
by self write
by <whoever can read it anyway> read
(and you could put "by * none" at the end for readability,
but that's the default anyway.)
See 'man slapd.access' in OpenLDAP 2.2.
Don't anthropomorphize computers. They hate that.