[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: ACL based on user attibute

To: Steve Slater <slater@nuc.berkeley.edu>, openldap-software@OpenLDAP.org
Subject: Re: ACL based on user attibute
From: Quanah Gibson-Mount <quanah@stanford.edu>
Date: Sat, 29 Jan 2005 01:25:12 -0800
Content-disposition: inline
In-reply-to: <6.2.0.14.0.20050129004947.0432fa10@localhost>
References: <6.2.0.14.0.20050129004947.0432fa10@localhost>

--On Saturday, January 29, 2005 1:02 AM -0800 Steve Slater <slater@nuc.berkeley.edu> wrote:

Hi,

Back in 2001, Pierangelo answered that OL can not have an ACL based
on the value of an attribute of a bound user.

http://www.openldap.org/lists/openldap-software/200108/msg00331.html

Has anything changed where this might be possible or anyone have
some good work-arounds? Something like:

dn: uid=user,dc=me,dc=com
<user stuff...>
myattribute: special

Then an ACL of:

access to * by (anyone with myattribute=special) write

Sure, you can make a dynamic group based off of that attribute, and then give that group write access. This is available in OL 2.2.

--Quanah

--
Quanah Gibson-Mount
Principal Software Developer
ITSS/Shared Services
Stanford University
GnuPG Public Key: http://www.stanford.edu/~quanah/pgp.html

"These censorship operations against schools and libraries are stronger
than ever in the present religio-political climate. They often focus on
fantasy and sf books, which foster that deadly enemy to bigotry and blind
faith, the imagination." -- Ursula K. Le Guin

References:
- ACL based on user attibute
  - From: Steve Slater <slater@nuc.berkeley.edu>

Prev by Date: ACL based on user attibute
Next by Date: Re: ACL based on user attibute
Index(es):
- Chronological
- Thread