Re: access control, groups/organizationalRole
- To: firstname.lastname@example.org
- Subject: Re: access control, groups/organizationalRole
- From: Frederik Bosch <email@example.com>
- Date: Thu, 26 Aug 2010 10:47:02 +0200
- In-reply-to: <4C750E32.firstname.lastname@example.org>
- References: <4C729BBE.email@example.com> <4C750E32.firstname.lastname@example.org>
- User-agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; nl; rv:220.127.116.11) Gecko/20100802 Thunderbird/3.1.2
Thanks again Dieter. That looks way too difficult for me :). I changed
some things. Now suppose that I want to assign read access to every
roleOccupant in an organizationalRole.
access to * by group/organizationalRole/roleOccupant read
But that's not correct syntax. Slapd won't start. It has to be like this:
access to * by group/organizationalRole/roleOccupant="<DN>" read
What syntax do I need to let "<DN>" match the whole tree?
Thanks for the help,
On 25-8-2010 14:36, Frederik Bosch wrote:
That's not what I mean, but thanks for your suggestion.
Let me try to rephrase. Suppose I have an organizationalRole located
in Amsterdam and Rotterdam. Now I only want to assign rights to all
occupants of the organizationalRole located in Amsterdam.
In xpath-like syntax, this would look like this.
access to * by
How do I need to rewrite this for slapd?
On 08/23/2010 06:03 PM, Frederik Bosch wrote:
I am trying to set up an access control rule, but failed. All occupants
of the objectClass organizationalRole which has a certain location may
have read access. How do I set up this rule in slapd.conf?
This is my line at the moment. This matches the dn of the occupant. But
how do I match the location attribute of the organizationalRole?
access to * by
Thanks in advance,