directory-users mailing list archives

From Kevin <kevi...@bluewin.ch>
Subject ACI rule depending on authenticated user attribute
Date Sun, 06 Mar 2016 15:07:15 GMT
I host an LDAP server of an organization. All users have the attributes 'EntryYear' and 'ExitYear'.
With ACI rules, I'd like to restrict each user to reading only the user attributes of users
who were members of the organization at the same time.

So the query should work like this:
(&(entryYear<=AUTHENTICATED_USERS_EXITYEAR)(exitYear>=AUTHENTICATED_USERS_ENTRYYEAR))

I thought about a solution in the subtreeSpecification with a filter like the one mentioned above.
But I don't see how I could use the attributes of the authenticated user.

Am I on the right track? Is there an opportunity that covers my needs?

Any help is appreciated.