[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: slapd ACL - limit bind to employeeType=<various>

To: Tim Watts <tim.j.watts@kcl.ac.uk>, openldap-technical@openldap.org
Subject: Re: slapd ACL - limit bind to employeeType=<various>
From: Quanah Gibson-Mount <quanah@zimbra.com>
Date: Sun, 10 Apr 2016 19:01:44 -0700
Content-disposition: inline
Dkim-filter: OpenDKIM Filter v2.10.3 edge01.zimbra.com E2AE8441C6
Dkim-signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=zimbra.com; s=C2AA288C-EE47-11E2-9BB0-E820BDD9BDBF; t=1460340110; bh=Albh6lNSuKEdN1tL0a7Nh+w++eHBaJBxrxAOI2BK1dM=; h=Date:From:To:Message-ID:MIME-Version; b=L6iqon24fDE3qvOH+WlTobZ2RyXwqcAXkXWOsCCI0cQmrSPmWdRND9eKRL7MJ3WeH xhCAnQAKNzs4kHnY6vgUOfe07fq8f4m4AuVT2CGe/xgOhPFIx3ZqcwjKUQH6kIHXGO uPLUPjV+UbxhYWy5lf5LXpC7mVkM5ZyM9rdqxCas=
In-reply-to: <570ACD82.5070000@kcl.ac.uk>
References: <570ACD82.5070000@kcl.ac.uk>

--On Monday, April 11, 2016 12:02 AM +0100 Tim Watts<tim.j.watts@kcl.ac.uk> wrote:

access to attrs=userPassword
         by peername.path="/var/run/slapd/ldapi" manage
         by set="user/uid &
[cn=sysadmin,ou=groups,dc=dighum,dc=kcl,dc=ac,dc=uk]/memberUid" manage
         by self write
         by * auth

You might be able to work something out using filter=... and access touserpasswd that way?


--Quanah



--

Quanah Gibson-Mount
Platform Architect
Zimbra, Inc.
--------------------
Zimbra ::  the leader in open source messaging and collaboration
A division of Synacor, Inc

References:
- slapd ACL - limit bind to employeeType=<various>
  - From: Tim Watts <tim.j.watts@kcl.ac.uk>

Prev by Date: slapd ACL - limit bind to employeeType=<various>
Next by Date: Re: slapd ACL - limit bind to employeeType=<various>
Index(es):
- Chronological
- Thread