[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: Another ACL question about set usage

To: ando@sys-net.it (Pierangelo Masarati)
Subject: Re: Another ACL question about set usage
From: manu@netbsd.org (Emmanuel Dreyfus)
Date: Sun, 18 Feb 2007 07:50:03 +0100
Cc: openldap-software@openldap.org
In-reply-to: <45D737EE.9040704@sys-net.it>
User-agent: MacSOUP/2.7 (unregistered)

    by set.exact="this/frESPCImail &
([ldap:///]+(([ldap:///dc=espci,dc=fr??one?
(frESPCImanager=]+user+[)])/entryDN+[??one])/entryDN)/rfc822mailbox"

I'm trying to understand that set. There is a first step:
ldap:///dc=espci,dc=fr??one?(frESPCImanager=]+user+[)])/entryDN

That retreive the ou's DN for which the user is a manager.
Why can't we write it that way?
([frESPCImanager=]+user)


Let's call OU_MANAGER the result of the above query. We are left with
that second step:

[ldap:///]+OU_MANAGER+[??one])/entryDN)/rfc822mailbox"

We so perform a query for all users' rfc822mailbox within OU_MANAGER.
Again, why the following would be wrong?
([ou=]+OU_MANAGER+[,dc=espci,dc=fr])/rfc822mailbox


Let's call MANAGED_MAILADDR the result of the above operation, the last
operation is 
this/frESPCImail & MANAGED_MAILADDR

That one is obvious to understand, no problem.

-- 
Emmanuel Dreyfus
http://hcpnet.free.fr/pubz
manu@netbsd.org

References:
- Re: Another ACL question about set usage
  - From: Pierangelo Masarati <ando@sys-net.it>

Prev by Date: RE: Authenticating via relaying - binding questions
Next by Date: Re: OpenLDAP 2.4
Index(es):
- Chronological
- Thread