Diffstat (limited to '')
-rw-r--r-- | contrib/slapd-modules/acl/README.now | 65 |
1 files changed, 65 insertions, 0 deletions
diff --git a/contrib/slapd-modules/acl/README.now b/contrib/slapd-modules/acl/README.now
new file mode 100644
index 0000000..5af9255
--- /dev/null
+++ b/contrib/slapd-modules/acl/README.now
@@ -0,0 +1,65 @@
+# create a simple slapd.conf (e.g. by running test003)
+
+
+
+# define the attributes (replace MyOID with a valid OID)
+
+attributetype ( MyOID:1 NAME 'validityStarts'
+ EQUALITY generalizedTimeMatch
+ ORDERING generalizedTimeOrderingMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.24 )
+attributetype ( MyOID:2 NAME 'validityEnds'
+ EQUALITY generalizedTimeMatch
+ ORDERING generalizedTimeOrderingMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.24 )
+
+
+
+# load the module
+
+moduleload "now_dynacl.so"
+
+
+
+# and apply the following access rules
+
+access to dn.exact="dc=example,dc=com"
+ by * read
+
+access to dn.children="dc=example,dc=com"
+ by dynacl/now=">=validityStarts" read break
+
+access to dn.children="dc=example,dc=com"
+ by dynacl/now="<=validityEnds" read
+
+
+
+# Then load the LDIF
+
+dn: cn=Too Late,dc=example,dc=com
+objectClass: device
+objectClass: extensibleObject
+cn: Too Late
+validityStarts: 20000101000000Z
+validityEnds: 20100101000000Z
+
+dn: cn=Just in Time,dc=example,dc=com
+objectClass: device
+objectClass: extensibleObject
+cn: Just in Time
+validityStarts: 20100101000000Z
+validityEnds: 20200101000000Z
+
+dn: cn=Too Early,dc=example,dc=com
+objectClass: device
+objectClass: extensibleObject
+cn: Too Early
+validityStarts: 20200101000000Z
+validityEnds: 20300101000000Z
+
+
+# an anonymous ldapsearch should only find the entry
+
+$ ldapsearch -x -H ldap://:9011 -b dc=example,dc=com -LLL 1.1
+dn: cn=Just in Time,dc=example,dc=com
+
|