Thanks again Dieter. That looks way too difficult for me :). I changed
some things. Now suppose that I want to assign read access to every
roleOccupant in an organizationalRole.
access to * by group/organizationalRole/roleOccupant read
But that's not correct syntax. Slapd won't start. It has to be like this:
access to * by group/organizationalRole/roleOccupant="<DN>" read
What syntax do I need to let "<DN>" match the whole tree?
Thanks for the help,
Frederik
On 25-8-2010 14:36, Frederik Bosch wrote:
That's not what I mean, but thanks for your suggestion.
Let me try to rephrase. Suppose I have an organizationalRole located
in Amsterdam and Rotterdam. Now I only want to assign rights to all
occupants of the organizationalRole located in Amsterdam.
In xpath-like syntax, this would look like this.
access to * by
group/organizationalro...@location="Amsterdam"]/roleOccupant read
How do I need to rewrite this for slapd?
Thanks,
Frederik
On 08/23/2010 06:03 PM, Frederik Bosch wrote:
Hello,
I am trying to set up an access control rule, but failed. All occupants
of the objectClass organizationalRole which has a certain location may
have read access. How do I set up this rule in slapd.conf?
This is my line at the moment. This matches the dn of the occupant. But
how do I match the location attribute of the organizationalRole?
access to *
    by group/organizationalRole/roleOccupant="cn=Administrator,dc=example,dc=com" read
Thanks in advance,
Frederik