Re: ACLs: "and" clause in ACLs

Fabio Spelta wrote:
| Hi list, and thanks for reading.
|
| I am wondering if it is possible to join two rules in a "who" field of
| an ACL, in a way so both *must* match for granting the associated
| permission.
| What I need is allowing certain write and read access only to users that
| are authenticated with a certain dn, AND from a defined IP (peername).
|
| Is that possible, and how?
I think you can use "break" to get what you want:

# "break" in the first rule: go to next rule
access to dn.exact="cn=foo,ou=bar..." attrs=children,...
	by peername.ip=153.44.12.12 break
	by * none

access to dn.exact="cn=foo,ou=bar..." attrs=children,...
	by dn.regex="uid=[^,]+,ou=..." write
	by * none

hth
~~ Paul
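
The fall-through described in the reply above, modelled as an added example (not part of the original post and not slapd's own code): a small evaluator for the two rules, showing that write is granted only when both the peer IP and the bind DN match. The DN suffix, the sample connections and the function names are constructed; the page elides the real DNs.

```python
import re

# Simplified model of slapd ACL flow for one target entry: within a rule the
# first matching "by" clause decides; "stop" ends evaluation, "break" moves on
# to the next "access to" rule. Falling off the end grants nothing.
ALLOWED_IP = "153.44.12.12"  # peername.ip value from the post
# Constructed stand-in for the elided dn.regex; anchored so that a DN merely
# containing this text does not match.
DN_RE = re.compile(r"^uid=[^,]+,ou=people,dc=example,dc=com$")

def anyone(conn):
    return True

RULES = [
    [  # rule 1: by peername.ip=... break / by * none
        (lambda c: c["ip"] == ALLOWED_IP, None, "break"),
        (anyone, "none", "stop"),
    ],
    [  # rule 2: by dn.regex=... write / by * none
        (lambda c: DN_RE.match(c["dn"]) is not None, "write", "stop"),
        (anyone, "none", "stop"),
    ],
]

def evaluate(conn, rules=RULES):
    """Return the access granted to conn = {'ip': ..., 'dn': ...}."""
    for clauses in rules:
        for who, access, control in clauses:
            if not who(conn):
                continue
            if control == "break":
                break          # leave this rule, try the next one
            return access      # "stop": this clause is final
        else:
            return "none"      # no clause matched: implicit "by * none"
    return "none"              # a "break" with no rule left grants nothing

if __name__ == "__main__":
    user = "uid=alice,ou=people,dc=example,dc=com"   # constructed DN
    for ip in (ALLOWED_IP, "10.0.0.5"):              # second IP constructed
        for dn in (user, ""):                        # "" = anonymous bind
            print(f"{ip:15} {dn or '(anonymous)':40} -> {evaluate({'ip': ip, 'dn': dn})}")
```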