mirror of
https://git.openldap.org/openldap/openldap.git
synced 2026-01-05 06:31:11 -05:00
65 lines
1.4 KiB
Text
65 lines
1.4 KiB
Text
# create a simple slapd.conf (e.g. by running test003)
|
|
|
|
|
|
|
|
# define the attributes (replace MyOID with a valid OID)
|
|
|
|
attributetype ( MyOID:1 NAME 'validityStarts'
|
|
EQUALITY generalizedTimeMatch
|
|
ORDERING generalizedTimeOrderingMatch
|
|
SYNTAX 1.3.6.1.4.1.1466.115.121.1.24 )
|
|
attributetype ( MyOID:2 NAME 'validityEnds'
|
|
EQUALITY generalizedTimeMatch
|
|
ORDERING generalizedTimeOrderingMatch
|
|
SYNTAX 1.3.6.1.4.1.1466.115.121.1.24 )
|
|
|
|
|
|
|
|
# load the module
|
|
|
|
moduleload "now_dynacl.so"
|
|
|
|
|
|
|
|
# and apply the following access rules
|
|
|
|
access to dn.exact="dc=example,dc=com"
|
|
by * read
|
|
|
|
access to dn.children="dc=example,dc=com"
|
|
by dynacl/now=">=validityStarts" read break
|
|
|
|
access to dn.children="dc=example,dc=com"
|
|
by dynacl/now="<=validityEnds" read
|
|
|
|
|
|
|
|
# Then load the LDIF
|
|
|
|
dn: cn=Too Late,dc=example,dc=com
|
|
objectClass: device
|
|
objectClass: extensibleObject
|
|
cn: Too Late
|
|
validityStarts: 20000101000000Z
|
|
validityEnds: 20100101000000Z
|
|
|
|
dn: cn=Just in Time,dc=example,dc=com
|
|
objectClass: device
|
|
objectClass: extensibleObject
|
|
cn: Just in Time
|
|
validityStarts: 20100101000000Z
|
|
validityEnds: 20200101000000Z
|
|
|
|
dn: cn=Too Early,dc=example,dc=com
|
|
objectClass: device
|
|
objectClass: extensibleObject
|
|
cn: Too Early
|
|
validityStarts: 20200101000000Z
|
|
validityEnds: 20300101000000Z
|
|
|
|
|
|
# an anonymous ldapsearch should only find the entry
|
|
|
|
$ ldapsearch -x -H ldap://:9011 -b dc=example,dc=com -LLL 1.1
|
|
dn: cn=Just in Time,dc=example,dc=com
|
|
|