[Date Prev][Date Next] [Chronological] [Thread] [Top]

grant access on a attribute specific value

Hi all,

I am runing an openldap 2.4.7 on debian with small local schema modifications: a few more attributes and an objectClass derived from inetOrgPerson.

I have looked in the administrator's guide and the slapd.access manpage but I can't figure out how to do the following: I want to give write access depending on the value of an attribute.

something like:
access to dn="cn=foo,ou=groups,dc=example,dc=com"
       by (&(objectClass=inetOrgPerson)(employeeType=chief)) write

If I have read the manpage correctly, I can't do it with a filter. Is there any way to get this behavior ?

It is not clear for me if the "dynacl" I saw in the manpage:
- can solve this problem
- are compulsory to solve it

any help ? example ?

Fabrice Eudes               -o)
Clà PGP 88AC3A66            /\\
Utilisateur Linux nÂ245401 _\_V
Tel 09 50 77 73 78
Fax 09 55 77 73 78