Re: ACLs based on attributes?

[Quanah Gibson-Mount <quanah@zimbra.com>]

--On Sunday, January 31, 2010 11:09 AM -0800 Quanah Gibson-Mount 
<quanah@zimbra.com> wrote:

> --On Sunday, January 31, 2010 7:12 PM +0100 Jaap Winius <jwinius@umrk.nl>
> wrote:
>
> >     access to attrs=telephoneNumber
> >        by "users && attrs=(title=telephonemanager)" write
> >
> > This is pure nonsense, but it's short and I hope that it better
> > illustrates what I'm looking for. Any ideas?
>
> > From slapd.access(5)
>        The  statement filter=<ldapfilter> selects the entries based on a
> valid
>        LDAP filter as described in RFC 4515.  A filter of
> (objectClass=*) is
>        implied if no filter form is given.
>
> Take a look at:
>
> <http://www.stanford.edu/services/directory/openldap/configuration/slapd-
> acl.html>
>
> There's a clear example of using an attribute value to filter access.

Blah, I was thinking this in the wrong direction.  Sets are likely what you 
need.  I think the syntax would be more

by set.exact="user/title=telephonemanager" write

--Quanah

--

Quanah Gibson-Mount
Principal Software Engineer
Zimbra, Inc
--------------------
Zimbra ::  the leader in open source messaging and collaboration