Re: ACL to replicate a single value of an attribute
On Wed, 1 Aug 2012, Andrei B?NARU wrote:
> Is it possible to create an ACL entry that will allow only the first value of
> an attribute to be read (an example would be nice)?
> For example having userPassword with a first value using MD5 hashing and a
> second value as plain text. We plan on replicating that object but we don't
> want to include the plain text value of the attribute userPassword.

"First value," no. Ordering isn't guaranteed, you're setting yourself up
for pain if you make security policy around that.
But if you have {MD5}something and {SHA1}else, then you have something
programmatic to work with. As a result of ITS#3446 (ancient history at this
point) you should be able to use an ACL like:

    access to * attrs=userPassword val.regex=@@WhatYouWant@@ by [...]

to restrict {MD5} or {SHA1} or whatever.
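
A filled-in form of the value-based ACL suggested above, as an added example that is not part of the original message. The replication bind DN `cn=replicator,dc=example,dc=com` and the `self`/`anonymous` clauses are assumptions, and the scheme prefix is matched with bracket expressions so that no backslash escaping is needed in slapd.conf.

```conf
# Constructed slapd.conf fragment (assumed DN: cn=replicator,dc=example,dc=com).
# slapd stops at the first "access to" directive whose <what> matches, so the
# value-specific rule must come before the general userPassword rule.

# Rule 1: only userPassword values that START with the {MD5} scheme prefix.
# The "^" anchor matters: without it, a plain-text value that merely contains
# the string "{MD5}" somewhere would also match and become readable.
access to attrs=userPassword val.regex="^[{]MD5[}]"
    by dn.exact="cn=replicator,dc=example,dc=com" read
    by self write
    by anonymous auth
    by * none

# Rule 2: every other userPassword value (plain text, other schemes).
# The replication identity is not listed, so it falls through to "by * none"
# and these values are left out of what it can read.
access to attrs=userPassword
    by self write
    by anonymous auth
    by * none
```

Binding as the replication DN and searching a test entry that holds both kinds of value is a quick way to confirm that only the {MD5} value comes back.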