Re: FURPA - HIPA - Filter help -- ACL
On Sun, 2003-02-16 at 16:12, Some LDAP Admin wrote:
> I was wondering how people are setting up their LDAP directory
> to include both viewable data and non-viewable data.
>
> The FURPA Law which applies to all schools in the US requires this.
More or less every grown-up DIT would.
> How would you do something like this with LDAP ?
Have you tried splitting the acl at the point that you want privacy?
With a pencil and paper?
              dc=somecoll,dc=edu
                      |
      -------------------------------
      |                             |
  ou=people                   everybodyelse
That's the way I do it. To the left self can write, everybody can read,
to the right not - or you can define what you want to allow..
access to dn="cn=person,ou=people,dc=somecoll,dc=edu"
        attr=whatEverYouWant1,whatEverYouWant2
        by self write
        by dn="ou=people,dc=somecoll,dc=edu" read
(implies "by everybodyelse, forget it")
I can go deeper and deeper, but don't particularly want to here. You can
use regexes and all that kind of thing, namely, and it begins to get
complicated then.
Best,
Tony
--
Tony Earnshaw
When you rob a person of his illusions,
you are robbing him of his happiness
e-post: tonni@billy.demon.nl
www: http://www.billy.demon.nl
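
The split described in the reply above, carried down to attribute level, as an added example that is not part of the original message. It is a slapd.conf fragment in OpenLDAP 2.4 syntax (`attrs=`, `dn.subtree`, `group.exact`); the choice of `homePhone` and `homePostalAddress` as the private attributes and the `cn=registrar` group DN are assumptions made for illustration.

```conf
# Added example, not from the original post. Assumed: OpenLDAP 2.4 slapd.conf
# syntax; the private attribute list and the registrar group are hypothetical.
#
# slapd applies the FIRST "access to" clause that matches the entry and
# attribute, so the narrow (private) clauses must come before the broad one.
# Every clause ends with an implicit "by * none", which is the
# "by everybodyelse, forget it" of the reply; it is written out here.

# Passwords: the owner may change them, anonymous binds may only authenticate.
access to dn.subtree="ou=people,dc=somecoll,dc=edu" attrs=userPassword
        by self write
        by anonymous auth
        by * none

# Non-viewable data: only the owner and the registrar group can see it.
access to dn.subtree="ou=people,dc=somecoll,dc=edu" attrs=homePhone,homePostalAddress
        by self write
        by group.exact="cn=registrar,ou=groups,dc=somecoll,dc=edu" read
        by * none

# Viewable data: everything else under ou=people, including the entry itself.
access to dn.subtree="ou=people,dc=somecoll,dc=edu"
        by self write
        by * read

# Rest of the tree: authenticated users only.
access to *
        by users read
        by * none
```

If the broad `ou=people` clause were listed first, it would match every attribute and the private clauses below it would never be consulted.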