
RE: acl help access to 'own' attributes



Read access to the attribute is fine. I tried to explain a bit in 'pseudo' code:

> Access to children(?) ou=xxxx,ou=dddd,ou=cccc,dc=bbbb,dc=aaaa,dc=local
> filter=(sendmailMTAMapValue=VAR1) attrs=sendmailMTAKey
>   by uid=VAR1,ou=yyyy,ou=dddd,ou=cccc,dc=bbbb,dc=aaaa,dc=local read 

-----Original Message-----
To: openldap-technical@openldap.org
Subject: Re: acl help access to 'own' attributes

What I still don't understand: do you want only write access to a single
attribute or to the whole object?

(1)

access to dn.children=[1]
  by self write
  by * none

or (2)

access to attrs=<attr-name>
  by self write
  by * none

(1) will give all users located in [1] write access to their own
object. (2) will give access only to a list (comma-separated) of
attributes. But be aware that you have to look at which position you
put the new ACL in your ACL list.


On 27.11.19 at 22:41, Marc Roos wrote:
> Can anyone help how I should make the ACLs that allow users[2] access
> to attributes of LDAP entries[1] that have themselves listed in the
> attribute value sendmailMTAMapValue
>
> Something like:
> Access to children? ou=xxxx,ou=dddd,ou=cccc,dc=bbbb,dc=aaaa,dc=local
> filter=(sendmailMTAMapValue=VAR1) attrs=sendmailMTAKey
>   by uid=VAR1,ou=yyyy,ou=dddd,ou=cccc,dc=bbbb,dc=aaaa,dc=local read
>
>
> [1]
> dn: sendmailMTAKey=test@example.com,ou=xxxx,ou=dddd,ou=cccc,dc=bbbb,dc=aaaa,dc=local
> objectClass: sendmailMTA
> objectClass: sendmailMTAMap
> objectClass: sendmailMTAMapObject
> objectClass: ritAdditionalInfo
> sendmailMTAMapName: virtuser
> sendmailMTACluster: mail
> sendmailMTAKey: test@example.com
> sendmailMTAMapValue: testuser
>
> [2]
> uid=testuser,ou=yyyy,ou=dddd,ou=cccc,dc=bbbb,dc=aaaa,dc=local
>
--
Stefan Kania
Landweg 13
25693 St. Michaelisdonn


Signing every e-mail helps reduce spam and protects your privacy.
You can obtain a free certificate at
https://www.dgn.de/dgncert/index.html
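
One way to write the pseudo-ACL from the original question in slapd.conf syntax, combined with the ACL-position caveat from the reply. This is an added example, not part of the thread: the DNs and attribute names are the ones in the messages, while the use of an OpenLDAP set clause and the broader rule on ou=dddd are assumptions made for illustration.

```conf
# Added example, not from the thread. The set clause stands in for the
# "VAR1" of the pseudo-code: it grants access when a value of the entry's
# sendmailMTAMapValue equals a value of the bound user's uid attribute.

# Weak ordering (shown commented out): slapd stops at the first
# "access to" clause whose target matches, so the broad rule below is
# selected for entries under ou=xxxx and the set rule is never evaluated.
#
#   access to dn.subtree="ou=dddd,ou=cccc,dc=bbbb,dc=aaaa,dc=local"
#       by self write
#       by * none
#   access to dn.children="ou=xxxx,ou=dddd,ou=cccc,dc=bbbb,dc=aaaa,dc=local"
#           attrs=entry,sendmailMTAKey
#       by set="this/sendmailMTAMapValue & user/uid" read
#       by * none

# Corrected ordering: the specific rule first, the broad rule after it.
# "entry" is included because reading any attribute of an entry also
# requires access to the entry pseudo-attribute.
access to dn.children="ou=xxxx,ou=dddd,ou=cccc,dc=bbbb,dc=aaaa,dc=local"
        attrs=entry,sendmailMTAKey
    by set="this/sendmailMTAMapValue & user/uid" read
    by * none

# Hypothetical broader rule (assumption), modelled on variant (1) above.
access to dn.subtree="ou=dddd,ou=cccc,dc=bbbb,dc=aaaa,dc=local"
    by self write
    by * none
```

With the sample data from the question, uid=testuser matches the entry whose sendmailMTAMapValue is testuser. A search that filters on sendmailMTAMapValue additionally needs search access to that attribute, which this fragment does not grant.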