I would like the employeenumber attribute to be visible only to the user and
only if they are authenticated via sasl gssapi. I have tried several varients of the following:
(target = "ldap:///ou=People, dc=ite,dc=gmu,dc=edu")
(targetattr ="employeeNumber")
(version 3.0;acl "EmployeeNumber";
deny (all) userdn="ldap:///anyone" |
allow (read) userdn="ldap:///self" and authmethod="sasl gssapi";
)
this one seems to deny access regardless of the authmethod or bindbd used.
Anyone got any pointers?
-- Fedora-directory-users mailing list Fedora-directory-users@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/fedora-directory-users
