[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: Access control

To: Digant C Kasundra <digant@uta.edu>, openldap-software@OpenLDAP.org
Subject: Re: Access control
From: Quanah Gibson-Mount <quanah@stanford.edu>
Date: Tue, 25 May 2004 11:00:54 -0700
Content-disposition: inline
In-reply-to: <40B37A09.5090405@uta.edu>
References: <40B37A09.5090405@uta.edu>

--On Tuesday, May 25, 2004 11:53 AM -0500 Digant C Kasundra <digant@uta.edu> wrote:

Hello everyone,

I'm trying to see if/how the following access controls could be written:

1.  Allow * to read attributes (name, email, phonenumber) in entries in
the "cn=people,dc=uta,dc=edu" subtree *IF* attribute
viewableAttributes=email.
(I can understand how to do this for the most part except for the *IF*
condition).

2. Allows write access to users who have the attribute userPrivs=admin.

See
<http://www.stanford.edu/services/directory/openldap/configuration/slapd-acl.html>

I have examples of using attribute filters to create ACL's.

--Quanah

--
Quanah Gibson-Mount
Principal Software Developer
ITSS/TSS/Computing Systems
ITSS/TSS/Infrastructure Operations
Stanford University
GnuPG Public Key: http://www.stanford.edu/~quanah/pgp.html

References:
- Access control
  - From: Digant C Kasundra <digant@uta.edu>

Prev by Date: Re: Access control
Next by Date: Re: Access control
Index(es):
- Chronological
- Thread