Re: ACL on new value for two attributes

On Tue, Dec 09, 2014 at 04:02:42PM +0100, Michael Ströder wrote:

You should be more clear. Really two separate attributes or two distinct attribute values? Why can't you just use two different ACLs? It's still not clear to me.

Because I would like to allow/deny some values of first attribute depending on values of the second. e.g.: foo cannot be set to X if bar is set.

If I use two ACL, I understand I am testing the new foo value against existing bar values: if the modify operation replace both foo and bar, I cannot enforce my rule.