You may need to restrict access to some attributes in your
LDAP schemas, usually passwords and other sensitive data. This is done
by implementing the _includeLDAPAcls method, which should return a
reference to an array that contains your access control list.
Let's see what this method looks like in the samba module:
    sub _includeLDAPAcls {
        my $self = shift;

        my $ldapconf = $self->{ldap}->ldapConf;

        my @acls = ("access to attribute=sambaNTPassword,sambaLMPassword\n" .
                    "\tby dn=\"" . $ldapconf->{'rootdn'} . "\" write\n" .
                    "\tby * none\n");

        return \@acls;
    }
The above snippet will produce the following in slapd.conf:
    access to attribute=sambaNTPassword,sambaLMPassword
        by dn="cn=admin,dc=ebox" write
        by * none
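The same pattern for a module of your own, as an added example that is not eBox code: a helper builds the stanza and refuses attribute names or a root DN that would alter the generated slapd.conf directive. The helper build_attr_acl, the attributes exampleSecretKey and exampleRecoveryCode, and the FakeLdap stand-in are hypothetical; ldapConf and rootdn are used as in the samba snippet above.

```perl
#!/usr/bin/perl
# Added example: hypothetical module code, not part of eBox.
use strict;
use warnings;

# Build one slapd.conf "access to" stanza that gives the root DN write
# access to the listed attributes and denies everyone else.
sub build_attr_acl {
    my ($rootdn, @attrs) = @_;

    die "no attributes given\n" unless @attrs;
    for my $attr (@attrs) {
        # LDAP attribute descriptors: a letter, then letters, digits, hyphens.
        die "invalid attribute name: $attr\n"
            unless $attr =~ /\A[A-Za-z][A-Za-z0-9-]*\z/;
    }
    # The DN is written inside double quotes in slapd.conf; a quote or a
    # line break in it would change the directive that gets generated.
    die "unsafe character in rootdn\n" if $rootdn =~ /["\r\n]/;

    return "access to attribute=" . join(',', @attrs) . "\n"
         . "\tby dn=\"$rootdn\" write\n"
         . "\tby * none\n";
}

# Shape of _includeLDAPAcls in a hypothetical module.
sub _includeLDAPAcls {
    my $self = shift;
    my $ldapconf = $self->{ldap}->ldapConf;
    my @acls = (
        build_attr_acl($ldapconf->{'rootdn'},
                       'exampleSecretKey', 'exampleRecoveryCode'),
    );
    return \@acls;
}

# Constructed stand-in for the module's LDAP object so the script runs alone.
{
    package FakeLdap;
    sub new      { return bless {}, shift }
    sub ldapConf { return { rootdn => 'cn=admin,dc=ebox' } }
}

my $module = { ldap => FakeLdap->new };
print @{ _includeLDAPAcls($module) };
```

slapd applies the first access directive whose target matches, so attribute-specific stanzas like these only take effect if they appear before any broader `access to *` rule in slapd.conf.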