0

Is there any way to restrict access to a specific entry within a directory? For example, I have the following entries:

dn: ou=Contacts,dc=test,dc=com
objectClass: top
objectClass: organizationalUnit
ou: Contacts

dn: uid=3.0,ou=Contacts,dc=test,dc=com
objectClass: top
objectClass: person
objectClass: organizationalPerson
objectClass: inetOrgPerson
objectClass: Contact
uid: 3.0
sn: contact1
cn: contact1
telephoneNumber: 43534216576767
street: street test1
ou: contactType1
givenName: contact1
mail: contact1@test.org
mobile: 62346254365243
o: contact1
displayName: contact1

dn: uid=4.0,ou=Contacts,dc=test,dc=com
objectClass: top
objectClass: person
objectClass: organizationalPerson
objectClass: inetOrgPerson
objectClass: Contact
uid: 4.0
sn: contact2
cn: contact2
telephoneNumber: 4353421655246
street: street test2
ou: contactType2
givenName: contact2
mail: contact2@test.org
mobile: 62346254365243
o: contact2
displayName: contact2

Is there any way to restrict access only for entries with attribute "ou: contactType1"?

Lucas Araujo

1 Answer

0

This is the ACL:

access to dn.regex="uid=[^,]+,ou=Contacts,dc=test,dc=com"  
          by set="this/ou & user/employeeType" read
          by * none

Read access is granted to a user whose "employeeType" attribute is equal to the contact's "ou" attribute. Please correct me if I am wrong.

Lucas Araujo
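The rule in the answer can be checked against the question's entries with a small model of how it is evaluated. This is an added example, not code from the post and not slapd's own logic. The bound users (alice, bob, carol under ou=People) are hypothetical. The unanchored, case-insensitive DN match and the exact string comparison of set values are assumptions of the model.

```python
import re

# Model of: access to dn.regex="uid=[^,]+,ou=Contacts,dc=test,dc=com"
# Assumption: the regex is matched unanchored and case-insensitively.
RULE_DN_REGEX = re.compile(r"uid=[^,]+,ou=Contacts,dc=test,dc=com", re.IGNORECASE)

# Constructed sample data: the entries from the question, trimmed to the
# one attribute the rule inspects on the target ("this/ou").
ENTRIES = {
    "ou=Contacts,dc=test,dc=com": {"ou": ["Contacts"]},
    "uid=3.0,ou=Contacts,dc=test,dc=com": {"ou": ["contactType1"]},
    "uid=4.0,ou=Contacts,dc=test,dc=com": {"ou": ["contactType2"]},
}

# Hypothetical bound users (not on the page), with the attribute the rule
# inspects on the requester ("user/employeeType").
USERS = {
    "uid=alice,ou=People,dc=test,dc=com": {"employeeType": ["contactType1"]},
    "uid=bob,ou=People,dc=test,dc=com": {"employeeType": ["contactType2", "contactType1"]},
    "uid=carol,ou=People,dc=test,dc=com": {},  # no employeeType at all
}

def evaluate(target_dn, bind_dn):
    """Return 'read', 'none', or 'no-match' when the rule does not cover the target."""
    if not RULE_DN_REGEX.search(target_dn):
        return "no-match"  # this rule says nothing; later access rules decide
    this_ou = set(ENTRIES[target_dn].get("ou", []))
    # An anonymous bind (bind_dn=None) has no user entry, so the set is empty.
    user_types = set(USERS.get(bind_dn, {}).get("employeeType", []))
    # by set="this/ou & user/employeeType" read: a non-empty intersection grants read.
    # Simplification: values are compared as exact strings.
    if this_ou & user_types:
        return "read"
    return "none"  # by * none

def readable(bind_dn):
    """DNs on which this rule grants read to the given bind DN."""
    return sorted(dn for dn in ENTRIES if evaluate(dn, bind_dn) == "read")

if __name__ == "__main__":
    for who in list(USERS) + [None]:
        print(who or "(anonymous)", "->", readable(who))
```

The container entry ou=Contacts,dc=test,dc=com does not match the rule's regex, so whether it can be read depends on the other access rules in the configuration.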