
ACL: Combining domain and other <who> directives?



Hello!

After digging into the admin guide and FAQmatic I am not yet aware of how to solve this problem:

I only want to allow access to an OpenLDAP 2 server from one domain. Within that domain, some other <who> directives are important in order to allow different access from none to write. Maybe I am suffering from a total misconception, but I am just missing boolean operators like a "NOT" operator or an "AND"; that's why I can't formulate the rules in OpenLDAP lingo.

In pseudo code, this is what I am after:

access to *
 if (domain ==  .*.domain.tld) {
     if (self) {
       write
     }
     elseif (users) {
       read
     }
 }
 else {
     no access at all.
 }


Can anybody help out here?

Thanks!

Marian