
Re: Access per Attribute Definition based on ACL



Gary C. New writes:
> Is it possible to construct an ACL to allow/disallow a specific
> attribute from being accessed by another user based on a subsequent
> attribute in the same entry?  (...)
>
> cn=sam,dc=example,dc=net
> postalAddress: 12 Sampson St
> hidePostalAddress: TRUE

Something like this:

access to filter=(hidePostalAddress=TRUE) attrs=postalAddress
       by self write
       by <whoever can read it anyway> read

(and you could put "by * none" at the end for readability,
but that's the default anyway.)

See 'man slapd.access' in OpenLDAP 2.2.

-- 
Hallvard
Don't anthropomorphize computers. They hate that.
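
The rule from the reply above placed in a full slapd.conf rule set, as an added example that is not part of the original message. The admin DN, the "by users read" policy for non-hidden addresses, and the rule for the flag attribute are assumptions for illustration; hidePostalAddress is assumed to be defined in the loaded schema.

```conf
# slapd.conf (OpenLDAP 2.2 syntax). slapd uses the first "access to" clause
# whose <what> matches the entry and attribute, then the first matching "by".

# WRONG ORDER: the general rule matches every postalAddress first, so the
# filter rule below it is never reached and hidden addresses stay readable.
#
#   access to attrs=postalAddress
#          by self write
#          by users read
#   access to filter=(hidePostalAddress=TRUE) attrs=postalAddress
#          by self write
#          by dn.exact="cn=admin,dc=example,dc=net" read

# CORRECT ORDER: most specific <what> first.

# 1. Entries that set the flag: only the owner and the (assumed) admin DN.
access to filter=(hidePostalAddress=TRUE) attrs=postalAddress
       by self write
       by dn.exact="cn=admin,dc=example,dc=net" read
       by * none

# 2. postalAddress on every other entry: any authenticated user may read.
access to attrs=postalAddress
       by self write
       by users read

# 3. The flag itself: the owner sets it, authenticated users may see it.
access to attrs=hidePostalAddress
       by self write
       by users read

# Any broader rules for this database, such as a catch-all "access to *",
# belong after these three.
```

To check the result, bind as a different ordinary user and search for cn=sam,dc=example,dc=net: the entry should come back without postalAddress, while an entry that does not set hidePostalAddress still returns it.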