[Date Prev][Date Next] [Chronological] [Thread] [Top]

Content-Based Access Control?

Hi all,

would it be possible to configure a content-based access control?
I have following configuration: my ldap contains user data.
Some of the users are local ones and have a regular password entry.
They shall be able to change their password.
Other users are remotely authenticated with saslauthd. 
They shall not be able to change their 'password' which is just a


dn: uid=remoteuser,ou=People,dc=mydomain,dc=de
uid: remoteuser
cn: Adam Example
uidNumber: 9007
gidNumber: 90
sn: Example
userPassword: {SASL}remoteuser

dn: uid=localuser,ou=People,dc=mydomain,dc=de
uid: localuser
cn: Bruce Somename
uidNumber: 1001
gidNumber: 10
sn: Somename
userPassword: {SHA}03de6c570bfe24bfc328ccd7ca46b76eadaf4334

User localuser shall be able to change his password, user remoteuser
not. Can this be done by a fancy ACL entry, rejecting to change
passwords starting with '{SASL}' ?

Thanks in advance,