[Fedora-directory-users] ACI to restrict access to sensitive attributes.
Alastair Neil
ajneil at gmail.com
Thu Jul 28 19:59:18 UTC 2005
I am struggling with setting ACIs to restrict access to certain attributes
I would like the employeenumber attribute to be visible only to the user and
only if they are authenticated via sasl gssapi. I have tried several
varients of the following:
(target = "ldap:///ou=People, dc=ite,dc=gmu,dc=edu")
(targetattr ="employeeNumber")
(version 3.0;acl "EmployeeNumber";
deny (all) userdn="ldap:///anyone" |
allow (read) userdn="ldap:///self" and authmethod="sasl gssapi";
)
this one seems to deny access regardless of the authmethod or bindbd used.
Anyone got any pointers?
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/fedora-directory-users/attachments/20050728/70db9f82/attachment.htm>
More information about the Fedora-directory-users
mailing list