[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: access control, groups/organizationalRole

To: openldap-technical@openldap.org
Subject: Re: access control, groups/organizationalRole
From: "Dieter Kluenter" <dieter@dkluenter.de>
Date: Wed, 25 Aug 2010 16:07:46 +0200
In-reply-to: <4C750E32.9030503@gmail.com> (Frederik Bosch's message of "Wed, 25 Aug 2010 14:36:02 +0200")
References: <4C729BBE.2020204@gmail.com> <4C750E32.9030503@gmail.com>
User-agent: Gnus/5.1008 (Gnus v5.10.8) XEmacs/21.5-b29 (linux)

Frederik Bosch <frederik.bosch@gmail.com> writes:

> That's not what I mean, but thanks for your suggestion.
>
> Let me try to rephrase. Suppose I have an organizationalRole located
> in Amsterdam and Rotterdam. Now I only want to assign rights to all
> occupants of the organizationalRole located in Amsterdam.
>
> In xpath-like syntax, this would look like this.
>
> access to * by
> group/organizationalRole[@location="Amsterdam"]/roleOccupant read
>
> How do I need to rewrite this for slapd?

You may have a look at access control by sets.
http://www.openldap.org/faq/data/cache/1133.html

-Dieter

-- 
Dieter Klünter | Systemberatung
sip: 7770535@sipgate.de 
http://www.dpunkt.de/buecher/2104.html
GPG Key ID:8EF7B6C6

References:
- access control, groups/organizationalRole
  - From: Frederik Bosch <frederik.bosch@gmail.com>
- Re: access control, groups/organizationalRole
  - From: Frederik Bosch <frederik.bosch@gmail.com>

Prev by Date: Re: access control, groups/organizationalRole
Next by Date: Re: overlay: How to not apply attribute modification to background ?
Index(es):
- Chronological
- Thread