[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: ACLs based on attributes?

--On Sunday, January 31, 2010 11:09 AM -0800 Quanah Gibson-Mount <quanah@zimbra.com> wrote:

--On Sunday, January 31, 2010 7:12 PM +0100 Jaap Winius <jwinius@umrk.nl>

    access to attrs=telephoneNumber
       by "users && attrs=(title=telephonemanager)" write

This is pure nonsense, but it's short and I hope that it better
illustrates what I'm looking for. Any ideas?

From slapd.access(5)
       The  statement filter=<ldapfilter> selects the entries based on a
       LDAP filter as described in RFC 4515.  A filter of
(objectClass=*) is
       implied if no filter form is given.

Take a look at:


There's a clear example of using an attribute value to filter access.

Blah, I was thinking this in the wrong direction. Sets are likely what you need. I think the syntax would be more

by set.exact="user/title=telephonemanager" write



Quanah Gibson-Mount
Principal Software Engineer
Zimbra, Inc
Zimbra ::  the leader in open source messaging and collaboration