Hello everyone,
I'm trying to see if/how the following access controls could be written:
1. Allow * to read attributes (name, email, phonenumber) in entries in the "cn=people,dc=uta,dc=edu" subtree *IF* attribute viewableAttributes=email. (I can understand how to do this for the most part except for the *IF* condition).
2. Allows write access to users who have the attribute userPrivs=admin.
See <http://www.stanford.edu/services/directory/openldap/configuration/slapd-acl.html>
I have examples of using attribute filters to create ACL's.
--Quanah
-- Quanah Gibson-Mount Principal Software Developer ITSS/TSS/Computing Systems ITSS/TSS/Infrastructure Operations Stanford University GnuPG Public Key: http://www.stanford.edu/~quanah/pgp.html