[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: ACLs based on attributes?

Quoting Dieter Kluenter <dieter@dkluenter.de>:

man slapd.access(5)

Yes, I'm interested in the <WHO> field, but it seems none of what's mentioned here can be based on the value of an attribute (e.g. title=telephonemanager).


Specifying <WHAT> is the easy part.


Looks like a description of the "set" option, which is missing from man slapd.access(5). It's quite complex, unfortunately, but I still don't see how the set option would allow me to compare the value of a particular attribute to a predetermined value, and use that as the only measure for determining access. I need something like:

   access to attrs=telephoneNumber
      by "users && attrs=(title=telephonemanager)" write

This is pure nonsense, but it's short and I hope that it better illustrates what I'm looking for. Any ideas?