[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: access control, groups/organizationalRole

To: openldap-technical@openldap.org
Subject: Re: access control, groups/organizationalRole
From: "Dieter Kluenter" <dieter@dkluenter.de>
Date: Mon, 23 Aug 2010 18:35:43 +0200
In-reply-to: <4C729BBE.2020204@gmail.com> (Frederik Bosch's message of "Mon, 23 Aug 2010 18:03:10 +0200")
References: <4C729BBE.2020204@gmail.com>
User-agent: Gnus/5.1008 (Gnus v5.10.8) XEmacs/21.5-b29 (linux)

Frederik Bosch <frederik.bosch@gmail.com> writes:

> Hello,
>
> I am trying to setup an access control rule, but failed. All occupants
> of the objectClass organizationalRole which has a certain location may
> have read access. How do I setup this rule in slapd.conf?
>
> This is my line at the moment. This matches the dn of the
> occupant. But how do I match the location attribute of the
> organizationalRole?
>
> access to * by
> group/organizationalRole/roleOccupant="cn=Administrator,dc=example,dc=com"
> read

slapd.access(5)
access to * by
group=cn=Administrator,dc=example,dc=com attrs=location

-Dieter

-- 
Dieter Klünter | Systemberatung
sip: 7770535@sipgate.de 
http://www.dpunkt.de/buecher/2104.html
GPG Key ID:8EF7B6C6

References:
- access control, groups/organizationalRole
  - From: Frederik Bosch <frederik.bosch@gmail.com>

Prev by Date: access control, groups/organizationalRole
Next by Date: Syncrepl REFRESH_PRESENT leads to glue nodes on branch nodes in the tree on the consumer
Index(es):
- Chronological
- Thread