[Date Prev][Date Next] [Chronological] [Thread] [Top]

Attribute value restrictions

To: openldap-software@OpenLDAP.org
Subject: Attribute value restrictions
From: Quanah Gibson-Mount <quanah@stanford.edu>
Date: Tue, 06 May 2003 09:25:20 -0700
Content-disposition: inline

Hello,

Anyone know if it is possible to restrict access to particular values of attributes?

For example, we have an attribute called "suprivilegegroup". Values come forms like:

suprivilegegroup=gsb:affiliate
suprivilegegroup=gsb:affiliate-student
suprivilegegroup=gsb:affiliate-education
suprivilegegroup=gsb:affiliate-faculty
suprivilegegroup=chemistry:faculty_active
suprivilegegroup=chemistry:faculty_all
suprivilegegroup=chemistry:faculty_full

etc.

What I would like to do is be able to do something like:

access to attrs=suprivilegegroup=gsb:* by
  dn="gsb"

access to attrs=suprivilegegroup=chemistry:* by
  dn="chemistry"

This would mean that the Chemistry department can only see those privilegegroup values that start with chemistry:, etc.

Anyone know if this is possible?

--Quanah

--
Quanah Gibson-Mount
Senior Systems Administrator
ITSS/TSS/Computing Systems
Stanford University
GnuPG Public Key: http://www.stanford.edu/~quanah/pgp.html

Prev by Date: using openldap on another platform
Next by Date: RE: difference between ldaps and startTLS
Index(es):
- Chronological
- Thread