[Date Prev][Date Next] [Chronological] [Thread] [Top]

ACLs based on attributes?

To: openldap-technical@openldap.org
Subject: ACLs based on attributes?
From: Jaap Winius <jwinius@umrk.nl>
Date: Sun, 31 Jan 2010 01:01:32 +0100
Content-disposition: inline
User-agent: Internet Messaging Program (IMP) H3 (4.1.5)

Hi all,

Is it possible to define an ACL that gives a DN access to a particularattribute in other DNs based on the value of one of its own attributes?

For example, would it be possible to define an ACL that would allow aDN with title=telephonemanager to update only the telephoneNumberattribute of other DNs? In other words, the ACL would allow updates totelephoneNumber, but only for search filter title=telephonemanager; asimple a change of the title would result in the gain or loss of theright to make such updates.


Thanks,

Jaap

Follow-Ups:
- Re: ACLs based on attributes?
  - From: "Dieter Kluenter" <dieter@dkluenter.de>

Prev by Date: Requiring LDAP host entries for user login
Next by Date: Re: understanding userid .vs. uid
Index(es):
- Chronological
- Thread