Hi list,

is there a possibility to create an acl statement that grants access to any (unknown) value of an attribute but denys access to all values of the same attribute?

For example:

# allow this: dn: cn=PersonA,ou=persons,o=test changetype: modify delete: description description: PersonA's description

# deny this: dn: cn=PersonA,ou=persons,o=test changetype: modify delete: description -

Thank you very much.