[Date Prev][Date Next] [Chronological] [Thread] [Top]

ACL and multiple mandatory conditions


The goal is to give access to a ressource based on two mandatory

I want user DN to match a rule, and attribute value to match another
rule, which depends on the user

This yields me two rules. The first one allow a user that has a given ou
in ouManager set to modify the authorizedService in this ou. I did not
test the second one yet, but the idea is that the user has a
serviceManager attribute telling which value of authorizedService he is
allowed to set.

access to dn.regex="^uid=.+,ou=.+,o=home$" attrs=authorizedService
    by set.exact="user/ouManager & this/-1" write stop

access to attrs.regex=authorizedService val.regex="(.*)"
    by set="user/serviceManager & ${v1}" write stop

But I need to perform a AND between the two rules. How can that be done?

Emmanuel Dreyfus