Re: access control, groups/organizationalRole
- To: openldap-technical@openldap.org
- Subject: Re: access control, groups/organizationalRole
- From: Frederik Bosch <frederik.bosch@gmail.com>
- Date: Wed, 25 Aug 2010 14:36:02 +0200
- In-reply-to: <4C729BBE.2020204@gmail.com>
- References: <4C729BBE.2020204@gmail.com>
- User-agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9.1.11) Gecko/20100713 Thunderbird/3.0.6

That's not what I mean, but thanks for your suggestion.

Let me try to rephrase. Suppose I have an organizationalRole located in
Amsterdam and Rotterdam. Now I only want to assign rights to all
occupants of the organizationalRole located in Amsterdam.

In xpath-like syntax, this would look like this.

    access to * by
        group/organizationalRole[@location="Amsterdam"]/roleOccupant read

How do I need to rewrite this for slapd?

Thanks,
Frederik

On 08/23/2010 06:03 PM, Frederik Bosch wrote:

Hello,

I am trying to set up an access control rule, but failed. All occupants
of the objectClass organizationalRole which has a certain location may
have read access. How do I set up this rule in slapd.conf?

This is my line at the moment. This matches the dn of the occupant. But
how do I match the location attribute of the organizationalRole?

    access to * by
        group/organizationalRole/roleOccupant="cn=Administrator,dc=example,dc=com" read

Thanks in advance,
Frederik