[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: ACLs based on attributes?

To: openldap-technical@openldap.org
Subject: Re: ACLs based on attributes?
From: "Dieter Kluenter" <dieter@dkluenter.de>
Date: Sun, 31 Jan 2010 09:38:17 +0100
In-reply-to: <20100131010132.mt6mxu5o88xco440@www.umrk.nl> (Jaap Winius's message of "Sun, 31 Jan 2010 01:01:32 +0100")
References: <20100131010132.mt6mxu5o88xco440@www.umrk.nl>
User-agent: Gnus/5.1008 (Gnus v5.10.8) XEmacs/21.5-b28 (linux)

Jaap Winius <jwinius@umrk.nl> writes:

> Hi all,
>
> Is it possible to define an ACL that gives a DN access to a particular
> attribute in other DNs based on the value of one of its own attributes?
>
> For example, would it be possible to define an ACL that would allow a
> DN with title=telephonemanager to update only the telephoneNumber
> attribute of other DNs? In other words, the ACL would allow updates to
> telephoneNumber, but only for search filter title=telephonemanager; a
> simple a change of the title would result in the gain or loss of the
> right to make such updates.

man slapd.access(5)
http://www.openldap.org/faq/data/cache/429.html
http://www.openldap.org/faq/data/cache/1133.html

-Dieter

-- 
Dieter Klünter | Systemberatung
http://dkluenter.de
GPG Key ID:8EF7B6C6
53°37'09,95"N
10°08'02,42"E

Follow-Ups:
- Re: ACLs based on attributes?
  - From: Jaap Winius <jwinius@umrk.nl>

References:
- ACLs based on attributes?
  - From: Jaap Winius <jwinius@umrk.nl>

Prev by Date: Re: understanding userid .vs. uid
Next by Date: ppolicy : managing passwords by another user than root
Index(es):
- Chronological
- Thread