
Re: <what> in ACL defined by set?



> masarati@aero.polimi.it wrote:
>>> Is it possible to specify the <what> clause in an ACL with a set?
>>
>> No.
>>
>>> We have several applications and for each application there's a
>>> specific
>>> AUXILIARY object class for application-specific user attributes.
>>>
>>> So for each application I add ACLs like this:
>>>
>>> access to
>>>     dn.onelevel="ou=Users,dc=example,dc=org"
>>>     attrs=@app1User
>>>       by dn.subtree="cn=app1,ou=Systems,dc=example,dc=org" read
>>>       by * break
>>>
>>> Obviously I'd like to have one ACL which references an attribute
>>> specifying
>>> the auxiliary object class in the app's system entry. Is that possible?
>>
>> I'm not sure I understand your question: is it that you would like to
>> have
>> something like
>>
>>      attrs=<attr>
>>
>> with <attr> depending on the contents of the entry, or of another entry
>> resulting from the evaluation of some expression?
>
> Yes, exactly. Preferably with <attr> being the object class form prefixed
> with @. The name of the object class should be read from an attribute in
> the
> accompanying system user entry (referenced as user in set-syntax).

OK, I confirm the no.  Perhaps this could be implemented as a style of
"attrs", something like

    attrs.set="@user/myAttr"

or something like that?

p.
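
Because attrs= cannot be resolved from a set, the per-application stanza quoted above has to be written out once per application; the sketch below generates those stanzas from a mapping of system entry to auxiliary class and rejects names that could break out of the generated config. It is an added example, not part of the original thread or of OpenLDAP; the function names and the app2/app2User pair are assumptions.

```python
import re

# LDAP "descr" form for an object class name: a letter, then letters/digits/hyphens.
_DESCR = re.compile(r"[A-Za-z][A-Za-z0-9-]*")
# Conservative character set for the system entry's cn (assumption of this sketch).
_SAFE_CN = re.compile(r"[A-Za-z0-9_-]+")

USERS_BASE = "ou=Users,dc=example,dc=org"      # from the thread
SYSTEMS_BASE = "ou=Systems,dc=example,dc=org"  # from the thread


def acl_stanza(app_cn, aux_class):
    """Return one 'access to' stanza giving an app read on its own aux class."""
    if not _DESCR.fullmatch(aux_class):
        raise ValueError(f"not a valid object class name: {aux_class!r}")
    # A quote, comma or newline in the cn would change the DN or start a new
    # directive in the generated config, so refuse anything outside the safe set.
    if not _SAFE_CN.fullmatch(app_cn):
        raise ValueError(f"unsafe application cn: {app_cn!r}")
    return (
        "access to\n"
        f'    dn.onelevel="{USERS_BASE}"\n'
        f"    attrs=@{aux_class}\n"
        f'      by dn.subtree="cn={app_cn},{SYSTEMS_BASE}" read\n'
        "      by * break\n"
    )


def render_acls(app_classes):
    """Render stanzas in sorted order so regenerated output diffs cleanly."""
    return "\n".join(acl_stanza(cn, oc) for cn, oc in sorted(app_classes.items()))


# Constructed sample mapping; app1/app1User is the pair used in the thread.
SAMPLE = {"app2": "app2User", "app1": "app1User"}

if __name__ == "__main__":
    print(render_acls(SAMPLE))
```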