[Date Prev][Date Next]
[Chronological]
[Thread]
[Top]
Re: Access control attributes list
> Hello everyone,
>
> In the access controls, you can specify all attributes allowed in an
> objectclass by using the @ notation. Is there a way to do something
> like "@inetOrgPerson, -cn" so indicate all the attributes allowed in
> inetOrgPerson but not the cn attribute? (this is obviously just an
> example)
Not that way, but you get the intended effect by writing a rule that gives
the desired access to "cn", followed by a similar rule that gives the
"other" access to all the attributes of the objectClass; for example:
access to attrs=cn
by dn.exact="cn=someone" read
access to attrs=@inetOrgPerson
by dn.exact="cn=someone" search
or you could do it incrementally, e.g.
access to attrs=@inetOrgPerson
by dn.exact="cn=someone" search break
access to attrs=cn
by dn.exact="cn=someone" +r
p.
--
Pierangelo Masarati
mailto:pierangelo.masarati@sys-net.it
SysNet - via Dossi,8 27100 Pavia Tel: +390382573859 Fax: +390382476497