Re: [PROPOSAL][DISCUSSION] Applying 'AND/OR' logic to the authz providers...

Brian Akins Wed, 21 Dec 2005 12:20:43 -0800

Brad Nicholes wrote:

if ((user == "John) ||((Group == "admin") && (ldap-group <stated-object> contains
auth'ed_user) &&
   ((ldap-attribute dept == "sales") || (file-group contains contains
auth'ed_user))))
then
   auth_granted
else
auth_denied

I've seen some custom auth modules whose config looks pretty much likethis pseudo code. It's clumsy, but very powerful.



--
Brian Akins
Lead Systems Engineer
CNN Internet Technologies

Re: [PROPOSAL][DISCUSSION] Applying 'AND/OR' logic to the authz providers...

Reply via email to