[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: configure ACL: allow access until after a period of time?

Zhang Weiwu wrote:

I've been looking for a solution to define time-based ACL. e.g. a user
can access certain entries only since now on until after 3 months. Is it

Of course I can also set up a cron-job or simply mark on my calendar, to
remove access of this entry after a period of time, e.g. 3 months. But I
wonder if it's possible to let slapd manage it.

e.g. I want to make certain group of users not able to access all
contact records in certain department after 2008-08-08 (but still can
access other records).

Thank you very much in advance. Would be kind of you to just give me
some links where I can get these knowledge myself (didn't seems to find
related information in 2.4 admin manual)

I don't think anything like that is possible; however, I vaguely recall receiving a similar requirement from a customer. The suggested solution (not implemented, AFAIR, because the requirement was dropped) was to implement a "time" dynacl module that simply allowed/denied access based on some rule on the current time (it was intended to allow/deny access based on wallclock times, but it could be easily turned into any kind of condition with respect to current time). I think that's the way to go.


Ing. Pierangelo Masarati OpenLDAP Core Team

SysNet s.r.l.
via Dossi, 8 - 27100 Pavia - ITALIA
Office:  +39 02 23998309
Mobile:  +39 333 4963172
Email:   ando@sys-net.it