
Content-Based Access Control?



Hi all,

Would it be possible to configure content-based access control?
I have the following configuration: my LDAP contains user data.
Some of the users are local ones and have a regular password entry.
They shall be able to change their password.
Other users are remotely authenticated with saslauthd. 
They shall not be able to change their 'password' which is just a
redirection.

Example:

dn: uid=remoteuser,ou=People,dc=mydomain,dc=de
uid: remoteuser
cn: Adam Example
uidNumber: 9007
gidNumber: 90
sn: Example
userPassword: {SASL}remoteuser

dn: uid=localuser,ou=People,dc=mydomain,dc=de
uid: localuser
cn: Bruce Somename
uidNumber: 1001
gidNumber: 10
sn: Somename
userPassword: {SHA}03de6c570bfe24bfc328ccd7ca46b76eadaf4334

User localuser shall be able to change his password, user remoteuser
not. Can this be done by a fancy ACL entry, refusing to change
passwords starting with '{SASL}'?

Thanks in advance,
Frank