
Re: "hidden" attributes in openldap?

On 16/03/2011 17:49, Christian Manal wrote:
> On 16.03.2011 16:31, George Mamalakis wrote:
>> so I tried to implement it through acls. I created a group called i.e.
>> "cn=publish mail,ou=Groups,dc=example,dc=com" where people wishing to
>> disclose their emails are members of this group. On the acl statement I
>> couldn't find a way to restrict my acl based on "conditional attributes".
> You mean something like this?
>
>     access to attrs=mail
>        by group="cn=publish mail,ou=Groups,dc=example,dc=com" read
>        by * none
>
> See slapd.access(5) for details.
>
> Christian Manal

Christian, thank you for your reply,

No, this is not what I mean. In your example you allow the mail attribute to be shown to those belonging to the cn=publish mail,ou=Groups,dc=example,dc=com group. I want *all* (not those belonging to that group) authenticated users to see this attribute if the owner of the record is a member of this group.

I think I am reaching a partial solution which I will send once I test it.

Thanks again for your reply.

George Mamalakis

IT Officer
Electrical and Computer Engineer (Aristotle Un. of Thessaloniki),
MSc (Imperial College of London)

Department of Electrical and Computer Engineering
Faculty of Engineering
Aristotle University of Thessaloniki

phone number : +30 (2310) 994379
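
The difference discussed in this message is that `by group=` tests the requester, while the requirement is a condition on the target entry. As an added illustration (not posted by either participant in this thread), one way to express a target-side condition in slapd.conf is a `filter=` in the `<what>` clause. It assumes the memberof overlay is enabled on the database, that the group is a groupOfNames, and that owners may edit their own mail (`by self write` is an assumption, not from the thread).

```conf
# Added example, not from the thread. Assumes slapd.conf-style configuration.
# The memberof overlay maintains a memberOf attribute on each member entry
# when a groupOfNames group is modified. Memberships that existed before
# the overlay was enabled are not backfilled.
overlay memberof

# Rule 1: the target entry belongs to the opt-in group, so any
# authenticated user may read its mail attribute.
access to filter="(memberOf=cn=publish mail,ou=Groups,dc=example,dc=com)" attrs=mail
    by self write
    by users read
    by * none

# Rule 2: every other entry keeps mail hidden from everyone but its owner.
# slapd stops at the first <what> clause that matches, so this broader
# rule must come after rule 1.
access to attrs=mail
    by self write
    by * none
```

Since access is decided by the first matching `<what>` clause, check the result by binding as an ordinary user and searching both an opted-in and a non-opted-in entry.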