ACI to allow group to access one attribute

Thursday, 22 February 2018

hi,

I need one specific attribute to be hidden for anyone but one group.

I've tested this one:

     (targetattr = "myCustomAttr") (version 3.0; acl "deny all but
admins"; deny (all) groupdn !=
"ldap:///cn=admins,ou=Groups,dc=company,dc=global";)

and seems to work. 

Is this the right way to do it?
Can I face any side effects?

regards,

abosch

-- 

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

2006

2005