On 16/03/2011 17:49, Christian Manal wrote:
Am 16.03.2011 16:31, schrieb George Mamalakis:so I tried to implement it through acls. I created a group called i.e. "cn=publish mail,ou=Groups,dc=example,dc=com" where people wishing to disclose their emails are members of this group. On the acl statement I couldn't find a way to restrict my acl based on "conditional attributes".You mean something like this? access to attrs=mail by group="cn=publish mail,ou=Groups,dc=example,dc=com" read by * none See slapd.access(5) for details. Regards, Christian Manal
Christian thank you for your reply,No, this is not what i mean. In your example you allow the mail attribute to be shown to those belonging to the cn=publish mail,ou=Groups,dc=example,dc=com group. I want *all* (not those belonging to that group) authenticated users to see this attribute if the owner of the record is member of this group.
I think I am reaching a partial solution which I will send once I test it. Thanx again for your reply. -- George Mamalakis IT Officer Electrical and Computer Engineer (Aristotle Un. of Thessaloniki), MSc (Imperial College of London) Department of Electrical and Computer Engineering Faculty of Engineering Aristotle University of Thessaloniki phone number : +30 (2310) 994379