[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: Access control by attribute value of bound user?

To: openldap-software@openldap.org
Subject: Re: Access control by attribute value of bound user?
From: Vladimir Dzhuvinov <vd@valan.net>
Date: Thu, 10 Jul 2008 11:14:19 +0300
In-reply-to: <87iqvfp2uz.fsf@rubin.l4b.de>
References: <48748B58.7000205@valan.net> <87iqvfp2uz.fsf@rubin.l4b.de>
User-agent: Mozilla-Thunderbird 2.0.0.14 (X11/20080509)

Thank you both for your answers!

I didn't expect that "sets" was the solution to allowing access to users
with a specific attribute value in their entry.

In my particular case I wanted to allow access only by users with their
attribute "transactionCenterRole" set to "admin". Here is the actual
statement that got me what I want:

access to filter=(objectClass=transactionCenterUser)
	by set="user/transactionCenterRole & [admin]" write
	by * read


Vladimir
--
Vladimir Dzhuvinov * www.valan.net * PGP key ID AC9A5C6C

Attachment: signature.asc
Description: OpenPGP digital signature

References:
- Access control by attribute value of bound user?
  - From: Vladimir Dzhuvinov <vd@valan.net>
- Re: Access control by attribute value of bound user?
  - From: "Dieter Kluenter" <dieter@dkluenter.de>

Prev by Date: Re: How to initialize cn=schema,cn=config with the system schema
Next by Date: Re: How to initialize cn=schema,cn=config with the system schema
Index(es):
- Chronological
- Thread