[Date Prev][Date Next]
[Chronological]
[Thread]
[Top]
ACL's - read but not search?
Hi,
I want to create a set of ACL's that will allow users to view certain
attributes, but not search on those attributes. The biggest example
is phone numbers. I want to allow users to look up the phone number
for a person, but not look up the person for that phone number.
For a single ACL, if I permit a specific action, I also permit all
actions actions above it also. For example, read access implies
search access, and write access implies both read and search access.
http://www.openldap.org/doc/admin21/slapdconfig.html#Access%20Control
Does anyone know of a way to allow read access on an attribute,
without search access on that same attribute?
Thanks,
Matt
--
Matt Richard
Access and Security Coordinator
Franklin & Marshall College
matt.richard@fandm.edu