[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: OpenLDAP 2.1 and ACL

To: "Hallvard B Furuseth" <h.b.furuseth@usit.uio.no>
Subject: Re: OpenLDAP 2.1 and ACL
From: "Emmanuel Blot" <emmanuel.blot@free.fr>
Date: Sun, 19 Jan 2003 19:09:57 +0100
Cc: <openldap-software@OpenLDAP.org>
References: <016801c2ba8c$5f5cf2f0$0f06a8c0@oulx> <HBF.20030113kanr@bombur.uio.no>

Hello,

I'd like to give different access rights to attributes, depending on a 'group id'.

Schema example

dn: uid=joe.user1,o=anorg,c=us
uid: joe.user1
gid: 8
cn: Joe User1
maildrop: joe.user1@somewhere.com

dn: uid=joe.user2,o=anorg,c=us
uid: joe.user2
gid: 16
cn: Joe User2
maildrop: joe.user2@somewhere.com

I'd like to give different access rights depending on the 'gid' value.

gid>=10, user can write maildrop and cn
gid>=2, user can write maildrop, but can only read cn

What kind of ACL rules can I use to implement this kind of control ?
Is there some rules for <who> that will be something like "by filter = (group>=8)" ... ??

Thanks,
Emmanuel.

Follow-Ups:
- Re: OpenLDAP 2.1 and ACL
  - From: Hallvard B Furuseth <h.b.furuseth@usit.uio.no>

References:
- OpenLDAP 2.1 and filters
  - From: "Emmanuel Blot" <emmanuel.blot@free.fr>
- Re: OpenLDAP 2.1 and filters
  - From: Hallvard B Furuseth <h.b.furuseth@usit.uio.no>

Prev by Date: Abysmally poor write performance
Next by Date: Implementation-specific error 80. (from another angle)
Index(es):
- Chronological
- Thread