[Date Prev][Date Next]
Re: "hidden" attributes in openldap?
On 16/03/2011 17:49, Christian Manal wrote:
Am 16.03.2011 16:31, schrieb George Mamalakis:
so I tried to implement it through acls. I created a group called i.e.
"cn=publish mail,ou=Groups,dc=example,dc=com" where people wishing to
disclose their emails are members of this group. On the acl statement I
couldn't find a way to restrict my acl based on "conditional attributes".
You mean something like this?
access to attrs=mail
by group="cn=publish mail,ou=Groups,dc=example,dc=com" read
by * none
See slapd.access(5) for details.
Christian thank you for your reply,
No, this is not what i mean. In your example you allow the mail
attribute to be shown to those belonging to the cn=publish
mail,ou=Groups,dc=example,dc=com group. I want *all* (not those
belonging to that group) authenticated users to see this attribute if
the owner of the record is member of this group.
I think I am reaching a partial solution which I will send once I test it.
Thanx again for your reply.
Electrical and Computer Engineer (Aristotle Un. of Thessaloniki),
MSc (Imperial College of London)
Department of Electrical and Computer Engineering
Faculty of Engineering
Aristotle University of Thessaloniki
phone number : +30 (2310) 994379