[Date Prev][Date Next] [Chronological] [Thread] [Top]

Access control

To: openldap-software@OpenLDAP.org
Subject: Access control
From: Digant C Kasundra <digant@uta.edu>
Date: Tue, 25 May 2004 11:53:29 -0500
User-agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.4.2) Gecko/20040301

Hello everyone,

I'm trying to see if/how the following access controls could be written:

1. Allow * to read attributes (name, email, phonenumber) in entries in the "cn=people,dc=uta,dc=edu" subtree *IF* attribute viewableAttributes=email. (I can understand how to do this for the most part except for the *IF* condition).

2. Allows write access to users who have the attribute userPrivs=admin.

I'm having problems constructing these. I can do much simpler ones quite easily using the information on the man slapd.access. But these ones are a bit too tough for me to figure out. Any ideas?

-- DK

Follow-Ups:
- Re: Access control
  - From: John Borwick <borwicjh@wfu.edu>
- Re: Access control
  - From: Quanah Gibson-Mount <quanah@stanford.edu>

Prev by Date: Re: OpenOffice LDAP Schema
Next by Date: Re: Access control
Index(es):
- Chronological
- Thread