[Date Prev][Date Next]
Re: grant access on a attribute specific value
Fabrice Eudes wrote:
I am runing an openldap 2.4.7 on debian with small local schema
modifications: a few more attributes and an objectClass derived from
I have looked in the administrator's guide and the slapd.access
manpage but I can't figure out how to do the following: I want to give
write access depending on the value of an attribute.
access to dn="cn=foo,ou=groups,dc=example,dc=com"
by (&(objectClass=inetOrgPerson)(employeeType=chief)) write
If I have read the manpage correctly, I can't do it with a filter. Is
there any way to get this behavior ?
It is not clear for me if the "dynacl" I saw in the manpage:
- can solve this problem
- are compulsory to solve it
any help ? example ?
I am not sure how to do exactly what you ask, but an alternative would
be to use the "group" <who> clause.
If all your "chiefs" are in a common group, just add:
by group.exact="cn=Chiefs,ou=Groups,dc=example,dc=com" write