[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: access control, groups/organizationalRole



That's not what I mean, but thanks for your suggestion.

Let me try to rephrase. Suppose I have an organizationalRole located in Amsterdam and Rotterdam. Now I only want to assign rights to all occupants of the organizationalRole located in Amsterdam.

In xpath-like syntax, this would look like this.

access to * by group/organizationalRole[@location="Amsterdam"]/roleOccupant read

How do I need to rewrite this for slapd?
Thanks,

Frederik



On 08/23/2010 06:03 PM, Frederik Bosch wrote:
Hello,

I am trying to setup an access control rule, but failed. All occupants
of the objectClass organizationalRole which has a certain location may
have read access. How do I setup this rule in slapd.conf?

This is my line at the moment. This matches the dn of the occupant. But
how do I match the location attribute of the organizationalRole?

access to * by
group/organizationalRole/roleOccupant="cn=Administrator,dc=example,dc=com"
read

Thanks in advance,

Frederik