Zhang Weiwu wrote:
I've been looking for a solution to define time-based ACL. e.g. a user can access certain entries only since now on until after 3 months. Is it possible?
Of course I can also set up a cron-job or simply mark on my calendar, to remove access of this entry after a period of time, e.g. 3 months. But I wonder if it's possible to let slapd manage it.
e.g. I want to make certain group of users not able to access all contact records in certain department after 2008-08-08 (but still can access other records).
Thank you very much in advance. Would be kind of you to just give me some links where I can get these knowledge myself (didn't seems to find related information in 2.4 admin manual)
I don't think anything like that is possible; however, I vaguely recall receiving a similar requirement from a customer. The suggested solution (not implemented, AFAIR, because the requirement was dropped) was to implement a "time" dynacl module that simply allowed/denied access based on some rule on the current time (it was intended to allow/deny access based on wallclock times, but it could be easily turned into any kind of condition with respect to current time). I think that's the way to go.
p.
Ing. Pierangelo Masarati OpenLDAP Core Team
SysNet s.r.l. via Dossi, 8 - 27100 Pavia - ITALIA http://www.sys-net.it ----------------------------------- Office: +39 02 23998309 Mobile: +39 333 4963172 Email: ando@sys-net.it -----------------------------------