[Date Prev][Date Next]
Re: ACLs based on attributes?
Quoting Dieter Kluenter <email@example.com>:
Yes, I'm interested in the <WHO> field, but it seems none of what's
mentioned here can be based on the value of an attribute (e.g.
Specifying <WHAT> is the easy part.
Looks like a description of the "set" option, which is missing from
man slapd.access(5). It's quite complex, unfortunately, but I still
don't see how the set option would allow me to compare the value of a
particular attribute to a predetermined value, and use that as the
only measure for determining access. I need something like:
access to attrs=telephoneNumber
by "users && attrs=(title=telephonemanager)" write
This is pure nonsense, but it's short and I hope that it better
illustrates what I'm looking for. Any ideas?