[Date Prev][Date Next] [Chronological] [Thread] [Top]

aci using domain= problem

To: openldap-software@OpenLDAP.org
Subject: aci using domain= problem
From: Curtis J Blank <curt@uwm.edu>
Date: Fri, 03 Jan 2003 10:23:08 -0600
Organization: University of Wisconsin - Milwaukee - Technical Solutions - Information & Media Technology

I was told I have to post this here.

I'm trying to use an aci to restrict attributes to certain machines, it
doesn't seem to work. No machines can see the attributes including the
machines we want to see them. This is the rule:

access to
               
attrs=mail,mailHost,mailLocalAddress,mailRoutingAddress,entry
        by
                self write
        by
                dn="uid=coredb,ou=people,o=uwm.edu" write
        by
                domain=.*\.csd\.uwm\.edu read

It's pretty much right out of the 2.0 Admin manual. Am I restricted to
only using edu.com in the domain field and not csd.edu.com? If the last
"by" entry is "* read" they can be seen, but that is not what we want. I
also added a "by * none" at the end, that made no difference. and I
tried enclosing .*\.csd\.uwm\.com in double quotes i.e.
".*\.csd\.uwm\.com" to noavail. I've tried this on 2.0.23, 2.0.25, and
2.0.27, all with the same results.

And one last question, can I put an actual machine name in i.e.
machine1.csd.uwm.edu? That's actually what I would like to do.

Follow-Ups:
- Re: aci using domain= problem
  - From: Ian Logan <ian@nmsu.edu>

Prev by Date: Weird problem to add a record
Next by Date: RE: daemon: bind(6) failed errno=98 (Address already in use)
Index(es):
- Chronological
- Thread