[Date Prev][Date Next]
[Chronological]
[Thread]
[Top]
Content-Based Access Control?
Hi all,
would it be possible to configure a content-based access control?
I have following configuration: my ldap contains user data.
Some of the users are local ones and have a regular password entry.
They shall be able to change their password.
Other users are remotely authenticated with saslauthd.
They shall not be able to change their 'password' which is just a
redirection.
Example:
dn: uid=remoteuser,ou=People,dc=mydomain,dc=de
uid: remoteuser
cn: Adam Example
uidNumber: 9007
gidNumber: 90
sn: Example
userPassword: {SASL}remoteuser
dn: uid=localuser,ou=People,dc=mydomain,dc=de
uid: localuser
cn: Bruce Somename
uidNumber: 1001
gidNumber: 10
sn: Somename
userPassword: {SHA}03de6c570bfe24bfc328ccd7ca46b76eadaf4334
User localuser shall be able to change his password, user remoteuser
not. Can this be done by a fancy ACL entry, rejecting to change
passwords starting with '{SASL}' ?
Thanks in advance,
Frank