[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: ACLs based on attributes?

To: Dieter Kluenter <dieter@dkluenter.de>
Subject: Re: ACLs based on attributes?
From: Jaap Winius <jwinius@umrk.nl>
Date: Sun, 31 Jan 2010 19:12:07 +0100
Cc: openldap-technical@openldap.org
Content-disposition: inline
In-reply-to: <87ljfelldy.fsf@rubin.avci.de>
References: <20100131010132.mt6mxu5o88xco440@www.umrk.nl> <87ljfelldy.fsf@rubin.avci.de>
User-agent: Internet Messaging Program (IMP) H3 (4.1.5)

Quoting Dieter Kluenter <dieter@dkluenter.de>:

man slapd.access(5)

Yes, I'm interested in the <WHO> field, but it seems none of what'smentioned here can be based on the value of an attribute (e.g.title=telephonemanager).

http://www.openldap.org/faq/data/cache/429.html


Specifying <WHAT> is the easy part.

http://www.openldap.org/faq/data/cache/1133.html

Looks like a description of the "set" option, which is missing fromman slapd.access(5). It's quite complex, unfortunately, but I stilldon't see how the set option would allow me to compare the value of aparticular attribute to a predetermined value, and use that as theonly measure for determining access. I need something like:


   access to attrs=telephoneNumber
      by "users && attrs=(title=telephonemanager)" write

This is pure nonsense, but it's short and I hope that it betterillustrates what I'm looking for. Any ideas?


Thanks,

Jaap

Follow-Ups:
- Re: ACLs based on attributes?
  - From: Quanah Gibson-Mount <quanah@zimbra.com>

References:
- ACLs based on attributes?
  - From: Jaap Winius <jwinius@umrk.nl>
- Re: ACLs based on attributes?
  - From: "Dieter Kluenter" <dieter@dkluenter.de>

Prev by Date: ppolicy : managing passwords by another user than root
Next by Date: Re: ACLs based on attributes?
Index(es):
- Chronological
- Thread