Is it possible to create an RBAC rule that includes a userattr filter? For example, we added a cn=mailinglists and each mailing list has an `owner` attribute. We created a rule to allow anonymous reads in this subtree through RBAC. I know we can create an ACI that would allow the owner to modify the list members: (targetattr = "mgrpRFC822MailMember")(target = "ldap:///cn=*,cn=aliases,dc=example,dc=com";)(version 3.0;acl "Owner Change Aliases";allow (add,delete,write) userattr = "owner#USERDN";)
Is there any way to create this ACI (or something that would do the same thing) through the RBAC system? _______________________________________________ FreeIPA-users mailing list -- [email protected] To unsubscribe send an email to [email protected] Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/[email protected]
