[Fedora-directory-users] roles and access control
Pete Rowley
pete at openrowley.com
Tue Jun 14 22:02:55 UTC 2005
A combination of a value based aci targeting nsroledn:
http://www.redhat.com/docs/manuals/dir-server/ag/7.1/acl.html#997653
And value matching access:
http://www.redhat.com/docs/manuals/dir-server/ag/7.1/acl.html#997653
Gets you there. There are probably other ways to do this too. Using Macro
aci's will cut down on the aci admin for this
http://www.redhat.com/docs/manuals/dir-server/ag/7.1/acl.html#1195760
> -----Original Message-----
> From: fedora-directory-users-bounces at redhat.com
> [mailto:fedora-directory-users-bounces at redhat.com] On Behalf
> Of Gary Mann
> Sent: Tuesday, June 14, 2005 2:13 PM
> To: fedora-directory-users at redhat.com
> Subject: [Fedora-directory-users] roles and access control
>
>
> a question: we have a requirement where only users that have
> a role are able to see role membership. so if i have role A,
> i can see the membership for role A (search on
> nsRole=<roleA>) but cannot necessarily see role B members,
> etc. the same restriction applies when pulling the nsRole attribute.
>
> is there any way (via aci) to support this? i've implemented
> a plugin (actually 2 - a computed attribute and preop) that
> supports this but wanted to make sure that i wasn't missing
> something in aci setup that would accomplish the same thing.
>
> Thanks,
> Gary
>
> --
> Fedora-directory-users mailing list
> Fedora-directory-users at redhat.com
> https://www.redhat.com/mailman/listinfo/fedora-directory-users
>
>
More information about the Fedora-directory-users
mailing list