
Re: 2.2.13 - acl : set directive seems not working ?



> I am trying to migrate from 2.0.27 (rh) to 2.2.13 (fc2) and I have a problem with
> my ACL using the set directive:
> I want to retrieve data by comparing the attribute of the connected user
> with the records of <my_node>. It seems that set rules are not checked in the new
> version.
>
> ldif example:
> dn: cn=user,o=example.com
> objectclass: <my_own_oc>
> department: dept1
>
> dn: o=child1,o=node1,o=example.com
> objectclass: <my_own_oc>
> department: dept1
>
> acl used (1) :
> access to dn.subtree="o=node1,o=example.com"
>   by set.exact="this/department & user/department" read
>
> I get no error when OpenLDAP starts. An ldapsearch returns 0 results.
> After many tests, I also tried the following ACL, which doesn't work either
>
> acl used (2) :
> access to dn.subtree="<my_node>"
>   by set.exact="this/department & [dept1]" read
>
> In the Changelog, I saw ITS3140 corrected in 2.2.16, but it did not
> correspond to my problem, so I think it wouldn't be better with the
> latest release.

There have indeed been a few changes to the sets-related code after 2.2.13.
Before investigating any further I suggest you try with 2.2.20.  I just
tried the first of the rules you indicate in your mail on a fresh build of
re22, and it works as intended without problems.

p.

-- 
Pierangelo Masarati
mailto:pierangelo.masarati@sys-net.it


    SysNet - via Dossi,8 27100 Pavia Tel: +390382573859 Fax: +390382476497
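
An added illustration, not part of the original messages and not OpenLDAP code: a simplified Python model of how the two set rules quoted above are expected to evaluate against the example LDIF, granting access when the resulting set is non-empty. The `o=child2` entry, the exact string comparison of values and the function names are assumptions made for the example.

```python
# Simplified model of OpenLDAP ACL "set" evaluation (illustration only, not slapd code).
import re

# Constructed directory, taken from the LDIF example in the message above.
DIRECTORY = {
    "cn=user,o=example.com": {"department": ["dept1"]},
    "o=child1,o=node1,o=example.com": {"department": ["dept1"]},
    # Constructed extra entry (assumption) to show a denied case.
    "o=child2,o=node1,o=example.com": {"department": ["dept2"]},
}

TOKEN = re.compile(r"\s*(\[[^\]]*\]|[&|]|(?:this|user)(?:/[\w-]+)*)")

def _operand(tok, this_dn, user_dn):
    """Resolve one operand of the set expression to a set of strings."""
    if tok.startswith("["):                  # [literal] is a one-element set
        return {tok[1:-1]}
    base, *attrs = tok.split("/")
    dn = this_dn if base == "this" else user_dn
    values = {dn} if dn else set()           # anonymous bind: 'user' is empty
    for attr in attrs:                       # each /attr dereferences the current set
        values = {v for d in values
                  for v in DIRECTORY.get(d, {}).get(attr, [])}
    return values

def set_grants(expr, this_dn, user_dn):
    """Evaluate left to right; the rule matches when the result is non-empty."""
    expr, pos, tokens = expr.strip(), 0, []
    while pos < len(expr):
        m = TOKEN.match(expr, pos)
        if not m:
            raise ValueError(f"cannot parse set expression at offset {pos}")
        tokens.append(m.group(1))
        pos = m.end()
    # Expect operand (operator operand)*; reject anything else.
    if (len(tokens) % 2 == 0 or any(t in "&|" for t in tokens[0::2])
            or any(t not in "&|" for t in tokens[1::2])):
        raise ValueError("malformed set expression")
    result = _operand(tokens[0], this_dn, user_dn)
    for op, tok in zip(tokens[1::2], tokens[2::2]):
        rhs = _operand(tok, this_dn, user_dn)
        result = result & rhs if op == "&" else result | rhs   # & intersection, | union
    return bool(result)
```

In this model, rule (1) matches `o=child1` only when the bound user has a `department` value in common with the entry, while rule (2) does not depend on the bound identity at all.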