Re: OpenLDAP 2.1 and ACL
Hello,
I'd like to give different access rights to attributes, depending on a 'group id'.
Schema example:

dn: uid=joe.user1,o=anorg,c=us
uid: joe.user1
gid: 8
cn: Joe User1
maildrop: joe.user1@somewhere.com

dn: uid=joe.user2,o=anorg,c=us
uid: joe.user2
gid: 16
cn: Joe User2
maildrop: joe.user2@somewhere.com
I'd like to give different access rights depending on the 'gid' value.
gid>=10, user can write maildrop and cn
gid>=2, user can write maildrop, but can only read cn
What kind of ACL rules can I use to implement this kind of control?
Are there some rules for <who> that will be something like "by filter = (group>=8)"...?
Thanks,
Emmanuel.