[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: filter in ACL?

To: Bing Du <Bing-Du@cis-gw.tamu.edu>
Subject: Re: filter in ACL?
From: Pierangelo Masarati <masarati@aero.polimi.it>
Date: Wed, 24 Oct 2001 08:07:06 +0200
Cc: OpenLDAP-software@OpenLDAP.org
Organization: Dipartimento di Ingegneria Aerospaziale
References: <sbd53a32.089@cis-gw.tamu.edu>

Bing Du wrote:
> 
> Does openldap support the similar approach as NDS does below?
> 
> aci: (target="ldap:///dc=tamu,dc=edu";)
>   (targetfilter="(homephonesuppress=true)")
>   (targetattr = "homephone")
>   (version 3.0; acl "do not show users' homephone";
>    allow(none)
>    userdn = "ldap:///anyone";;)
> 
> So the server can react differently depending on how users set the
> homephonesuppress attribute in their entries.  Specifically, if the
> homephonesuppress is set to 'true', than the value in the attribute
> homephone is visible to nobody.  Otherwise, it's visible to the public.

I think you'll get about what you need by using:

access to filter="(homephonesuppress=true)",attrs=homephone
	by * read
access to attrs=homephone
	by * none

Pierangelo.

-- 
Dr. Pierangelo Masarati               | voice: +39 02 2399 8309
Dip. Ing. Aerospaziale                | fax:   +39 02 2399 8334
Politecnico di Milano                 | mailto:masarati@aero.polimi.it
via La Masa 34, 20156 Milano, Italy   |
http://www.aero.polimi.it/~masarati

References:
- filter in ACL?
  - From: "Bing Du" <Bing-Du@cis-gw.tamu.edu>

Prev by Date: Re: referral problem (subordinate information)
Next by Date: entry control in ldap tree
Index(es):
- Chronological
- Thread