[Date Prev][Date Next]
[Chronological]
[Thread]
[Top]
Re: aci using domain= problem
Doh! I think that was it, thank you very much! Configured and compiled
it with --enable-rlookups and it seems to be working. I never thought
of that, to look at the compile options. Have been using SuSE's rpm's
but when running into acl bugs in .23 did compile .25 and now .27 but
didn't (should have) looked through the options.
Thanks again,
-Curt Blank
Ian Logan wrote:
>
> Morning,
> Do you have reverse name lookups turned on?
> With the 2.0 stuff I think its a compile time option, although
> I could be wrong I havent played with 2.0.x in a while.
> Ian
>
> On Fri, Jan 03, 2003 at 10:23:08AM -0600, Curtis J Blank wrote:
> > I was told I have to post this here.
> >
> > I'm trying to use an aci to restrict attributes to certain machines, it
> > doesn't seem to work. No machines can see the attributes including the
> > machines we want to see them. This is the rule:
> >
> > access to
> >
> > attrs=mail,mailHost,mailLocalAddress,mailRoutingAddress,entry
> > by
> > self write
> > by
> > dn="uid=coredb,ou=people,o=uwm.edu" write
> > by
> > domain=.*\.csd\.uwm\.edu read
> >
> > It's pretty much right out of the 2.0 Admin manual. Am I restricted to
> > only using edu.com in the domain field and not csd.edu.com? If the last
> > "by" entry is "* read" they can be seen, but that is not what we want. I
> > also added a "by * none" at the end, that made no difference. and I
> > tried enclosing .*\.csd\.uwm\.com in double quotes i.e.
> > ".*\.csd\.uwm\.com" to noavail. I've tried this on 2.0.23, 2.0.25, and
> > 2.0.27, all with the same results.
> >
> > And one last question, can I put an actual machine name in i.e.
> > machine1.csd.uwm.edu? That's actually what I would like to do.
>
> --
> Ian Logan
> Information and Communication Technologies
> New Mexico State University
> Email: ian@nmsu.edu Phone: 505-646-6034 Fax: 505-646-4560