Perhaps via suffix?

________________________________________
From: kashefi@xxxxxxxxxxxxxx [kashefi@xxxxxxxxxxxxxx]
Sent: Tuesday, June 21, 2016 03:46
To: 389-users@xxxxxxxxxxxxxxxxxxxxxxx
Subject: [389-users] How can I restrict bind operation based on attributes?

I have three applications that use my LDAP installation to authenticate users with the Bind operation. I need to restrict each app so it is only able to bind its own users.

My idea was to create a multi-value attribute for each user named "App" which has the name of the application that the user is allowed to use (for instance: mail, portal and office). I'm looking for a way to restrict each application from binding users who do not have that application in their "App" attribute. For example, the portal application must only be able to bind users which have the attribute "App=portal".

I was unable to do such a thing using ACI. Is it possible to implement such a restriction?

--
389-users mailing list
389-users@xxxxxxxxxxxxxxxxxxxxxxx
https://lists.fedoraproject.org/admin/lists/389-users@xxxxxxxxxxxxxxxxxxxxxxx