Zhang Weiwu wrote:
I've been looking for a solution to define time-based ACL. e.g. a user
can access certain entries only since now on until after 3 months. Is it
possible?
Of course I can also set up a cron-job or simply mark on my calendar, to
remove access of this entry after a period of time, e.g. 3 months. But I
wonder if it's possible to let slapd manage it.
e.g. I want to make certain group of users not able to access all
contact records in certain department after 2008-08-08 (but still can
access other records).
Thank you very much in advance. Would be kind of you to just give me
some links where I can get these knowledge myself (didn't seems to find
related information in 2.4 admin manual)
I don't think anything like that is possible; however, I vaguely recall
receiving a similar requirement from a customer. The suggested solution
(not implemented, AFAIR, because the requirement was dropped) was to
implement a "time" dynacl module that simply allowed/denied access based
on some rule on the current time (it was intended to allow/deny access
based on wallclock times, but it could be easily turned into any kind of
condition with respect to current time). I think that's the way to go.
p.
Ing. Pierangelo Masarati
OpenLDAP Core Team
SysNet s.r.l.
via Dossi, 8 - 27100 Pavia - ITALIA
http://www.sys-net.it
-----------------------------------
Office: +39 02 23998309
Mobile: +39 333 4963172
Email: [EMAIL PROTECTED]
-----------------------------------
