Re: Access control attributes list
That seems to work. Except since I was doing a "none" for the
individual attribute, it only works when I specify it first as such:

access to attrs=cn
        by dn.exact="cn=someone" none

access to attrs=@inetOrgPerson
        by dn.exact="cn=someone" read

On Thu, 2005-09-01 at 18:09 +0200, Pierangelo Masarati wrote:
> > Hello everyone,
> >
> > In the access controls, you can specify all attributes allowed in an
> > objectclass by using the @ notation. Is there a way to do something
> > like "@inetOrgPerson, -cn" to indicate all the attributes allowed in
> > inetOrgPerson but not the cn attribute? (this is obviously just an
> > example)
>
> Not that way, but you get the intended effect by writing a rule that gives
> the desired access to "cn", followed by a similar rule that gives the
> "other" access to all the attributes of the objectClass; for example:
>
> access to attrs=cn
>         by dn.exact="cn=someone" read
>
> access to attrs=@inetOrgPerson
>         by dn.exact="cn=someone" search
>
>
>
> or you could do it incrementally, e.g.
>
> access to attrs=@inetOrgPerson
>         by dn.exact="cn=someone" search break
>
> access to attrs=cn
>         by dn.exact="cn=someone" +r
>
>
>
> p.
>
>
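
Added example (not part of the original messages and not OpenLDAP code): a small Python model of the first-match evaluation the thread relies on, applied to the reply's two clauses and to the same clauses in the opposite order, with a check that flags a single-attribute clause hidden behind an earlier @objectClass clause. The attribute set for inetOrgPerson is a constructed subset, the function names are hypothetical, and the "break" / "+r" form from the quoted message is not modelled.

```python
import re

# Constructed subset of the attributes inetOrgPerson allows (assumption for this demo).
OBJECTCLASS_ATTRS = {"inetOrgPerson": {"cn", "sn", "mail", "givenName"}}
WHO = 'dn.exact="cn=someone"'
# The reply's two clauses, in the order that worked.
REPLY_ORDER = """
access to attrs=cn
    by dn.exact="cn=someone" none
access to attrs=@inetOrgPerson
    by dn.exact="cn=someone" read
"""

def parse(text):
    """Parse 'access to attrs=X' clauses and their 'by <who> <access>' lines."""
    acl = []
    for line in map(str.strip, text.splitlines()):
        m = re.match(r"access to attrs=(\S+)$", line)
        if m:
            acl.append((m.group(1), []))
        elif line.startswith("by ") and acl:
            _, who, access = line.split()[:3]
            acl[-1][1].append((who, access))
    return acl

def covers(target, attr):
    if target.startswith("@"):  # @objectClass: every attribute the class allows
        return attr in OBJECTCLASS_ATTRS[target[1:]]
    return target == attr

def effective(acl, who, attr):
    """Only the first clause covering attr is consulted; first matching 'by' wins."""
    for target, by_clauses in acl:
        if covers(target, attr):
            for by_who, access in by_clauses:
                if by_who in (who, "*"):
                    return access
            return "none"  # no 'by' matched: implicit "by * none"
    return "none"          # no clause matched: implicit "access to * by * none"

def shadowed(acl):
    """Single-attribute clauses already covered by an earlier clause (never reached)."""
    return [t for i, (t, _) in enumerate(acl)
            if not t.startswith("@") and any(covers(e, t) for e, _ in acl[:i])]

if __name__ == "__main__":
    acl = parse(REPLY_ORDER)
    for name, rules in (("reply order", acl), ("swapped", acl[::-1])):
        print(name, effective(rules, WHO, "cn"), effective(rules, WHO, "mail"), shadowed(rules))
```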