I am struggling with setting ACIs to restrict access to
certain attributes
I would like the employeenumber attribute to be visible only to the
user and
only if they are authenticated via sasl gssapi. I have tried several
varients of the following:
(target = "ldap:///ou=People,
dc=ite,dc=gmu,dc=edu")
(targetattr ="employeeNumber")
(version 3.0;acl "EmployeeNumber";
deny (all) userdn="ldap:///anyone" |
allow (read) userdn="ldap:///self" and
authmethod="sasl gssapi";
)
this one seems to deny access regardless of the authmethod or bindbd
used.
Anyone got any pointers?
--
Fedora-directory-users mailing list
Fedora-directory-users@redhat.com
https://www.redhat.com/mailman/listinfo/fedora-directory-users