[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: Access per Attribute Definition based on ACL

To: "Gary C. New" <garycnew@yahoo.com>
Subject: Re: Access per Attribute Definition based on ACL
From: Pierangelo Masarati <ando@sys-net.it>
Date: Wed, 11 May 2005 17:11:29 +0200
Cc: openldap-software@OpenLDAP.org
Domainkey-signature: a=rsa-sha1; s=mail; d=sys-net.it; c=simple; q=dns; b=HgrC3UPaPfIfPGQGJXcjMAjlWcV1o5oIihkgsZ899rTrHaSTKaqFeFvSrtukNHLz8 tAXoKnij64F3wL2S7vqGg==
In-reply-to: <d5sifm$sn$1@sea.gmane.org>
References: <d5sifm$sn$1@sea.gmane.org>
User-agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.7.5) Gecko/20050209 LPT-Desktop/1.7.5-3.9.el3.lpt

Gary C. New wrote:

Is it possible to construct an ACL to allow/disallow a specific attribute from being access by another user based on a subsequent attribute in the same entry?
Example:
cn=david,dc=example,dc=net
Views Entry
cn=sam,dc=example,dc=net
postalAddress: 12 Sampson St
hidePostalAddress: TRUE
ACL prevents David from viewing Sam's postalAddress.

access to dn.exact="cn=sam,dc=example,dc=net" filter="(hidePostalAddress=TRUE)" attrs=postalAddress by dn.exact="cn=david,dc=example,dc=net" none

replace dn.exact=pattern with the most appropriate style and pattern and here is the trick.

p.


   SysNet - via Dossi,8 27100 Pavia Tel: +390382573859 Fax: +390382476497

References:
- Access per Attribute Definition based on ACL
  - From: "Gary C. New" <garycnew@yahoo.com>

Prev by Date: Re: Access per Attribute Definition based on ACL
Next by Date: Re: Problem with LDIFReader always requiring version number in LDIF file
Index(es):
- Chronological
- Thread