Re: Access per Attribute Definition based on ACL
Hallvard B Furuseth wrote:
Gary C. New writes:
Is it possible to construct an ACL to allow/disallow a specific
attribute from being accessed by another user based on a subsequent
attribute in the same entry? (...)
postalAddress: 12 Sampson St
Something like this:
access to filter=(hidePostalAddress=TRUE) attrs=postalAddress
        by self write
        by <whoever can read it anyway> read
(and you could put "by * none" at the end for readability,
but that's the default anyway.)
See 'man slapd.access' in OpenLDAP 2.2.
Would this filter display other attributes under Sam's dn (i.e., l, st,
c)? What about other dn entries (i.e., Carl, George, Sue) that do not
contain the attribute "hidePostalAddress: TRUE" but that should also be
displayed in the result set, without filtering out the postalAddress?
Thank you, again, for your assistance.
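
The rule ordering this question turns on, as an added example that is not part of the original thread: slapd uses the first "access to" clause whose target matches the entry and attribute being checked, so a catch-all clause placed after the filtered one covers Sam's other attributes and the entries without hidePostalAddress=TRUE. The admin DN and the "by * read" policy in the second clause are assumptions standing in for the site's own policy.

```conf
# Added example for slapd.conf (OpenLDAP 2.2 syntax); not from the thread.
# Comments are kept outside the directives because an indented line is
# treated as a continuation of the previous line.

# Rule 1: matches only the postalAddress attribute, and only in entries
# that carry hidePostalAddress=TRUE (Sam's entry in the question).
# The admin DN is a placeholder (assumption) for whoever may still read it.
access to filter=(hidePostalAddress=TRUE) attrs=postalAddress
        by self write
        by dn.exact="cn=admin,dc=example,dc=com" read
        by * none

# Rule 2: reached for everything rule 1 did not match:
#   - l, st, c and the other attributes of Sam's entry
#   - every attribute, postalAddress included, of entries such as
#     Carl, George and Sue that lack hidePostalAddress=TRUE
# "by * read" is an assumed policy. Without some later clause like this,
# the implicit final "access to * by * none" denies these requests.
access to *
        by self write
        by * read
```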