Re: ACLs based on attributes?



Quoting Dieter Kluenter <dieter@dkluenter.de>:

> man slapd.access(5)

Yes, I'm interested in the <WHO> field, but it seems none of what's
mentioned here can be based on the value of an attribute (e.g.
title=telephonemanager).

> http://www.openldap.org/faq/data/cache/429.html

Specifying <WHAT> is the easy part.

> http://www.openldap.org/faq/data/cache/1133.html

Looks like a description of the "set" option, which is missing from
man slapd.access(5). It's quite complex, unfortunately, but I still
don't see how the set option would allow me to compare the value of a
particular attribute to a predetermined value, and use that as the
only measure for determining access. I need something like:

   access to attrs=telephoneNumber
      by "users && attrs=(title=telephonemanager)" write

This is pure nonsense, but it's short and I hope that it better illustrates what I'm looking for. Any ideas?
Thanks,

Jaap