[Date Prev][Date Next] [Chronological] [Thread] [Top]

ACL question

To: openldap-software@OpenLDAP.org
Subject: ACL question
From: Quanah Gibson-Mount <quanah@stanford.edu>
Date: Wed, 05 Mar 2003 21:27:17 -0800
Content-disposition: inline

I would like to give read access for all to objectclass=posixAccount, except for the attribute description (covered by FERPA).

For now, I accomplish that by:

access to attr=description
	by * none

access to attr=posixAccount
	by * read

It would be nice if I could do something like:
access to attr=posixAcount,!attr=description
or
access to attr=posixAccount,attr=uid,attr=gecos,etc..

leaving off description to accomplish this.

Is there anything like this possible?

--Quanah

--
Quanah Gibson-Mount
Senior Systems Administrator
ITSS/TSS/Computing Systems
Stanford University
GnuPG Public Key: http://www.stanford.edu/~quanah/pgp.html

Follow-Ups:
- Re: ACL question
  - From: Theoodre Knab <tjk@annapolislinux.org>

Prev by Date: plaintext works, {crypt} - Inappropriate authentication
Next by Date: Re: plaintext works, {crypt} - Inappropriate authentication
Index(es):
- Chronological
- Thread