[Date Prev][Date Next] [Chronological] [Thread] [Top]

Combined ACL with filter and without ?

To: OpenLDAP-software@OpenLDAP.org
Subject: Combined ACL with filter and without ?
From: Albert Siersema <albert@friendly.net>
Date: Wed, 08 Mar 2000 02:28:24 +0100

One of those pesky ACL questions again :-)

I'm trying to come up with an ACL in which I can
restrict access to an attribute like this:
- (authenticated) self must be able to write
- only if an attribute called flags has at least a value
  of 1 anonymous queries can be granted read permission

In other words a kind of combination of the two ACLs below:

access  to dn=".*,o=MyOrg,c=MyCountry" attr=mail
        by self write
        by * none
access  to dn=".*,o=MyOrg,c=MyCountry" filter=(flags>=1) attr=entry
        attrs=cn,mail.sn
        by * read

How can this be made possible ?

TIA,
Albert
/\lbert

/---------------------------------------------------------------------\
| Albert Siersema aka loonatic | There are no deadlines any deadlier  |
|                              |  nor limits more limiting than those |
|          albert@friendly.net |  we set (for) ourselves         (la) |
\---------------------------------------------------------------------/

Follow-Ups:
- Re: Combined ACL with filter and without ?
  - From: "Kurt D. Zeilenga" <Kurt@OpenLDAP.org>

Prev by Date: Re: how to apply shemas
Next by Date: how to use referral
Index(es):
- Chronological
- Thread