Re: grant access on a attribute specific value

[Pierangelo Masarati <ando@sys-net.it>]

Fabrice Eudes wrote:

> I tried this but still can't get it to work :-(
> 
>> set="[ldap:///ou=personnes,dc=domain??sub?(&(objectClass=iremLillePerson)(groupesTravail=1200))]/entryDN
>> & user" write
> fails
>> set="[ldap:///ou=personnes,dc=domain??sub?(&(objectClass=iremLillePerson)(groupesTravail=1200))]/entryDN"
>> write
> fails
>> by dn="cn=chief,ou=personnes,dc=domain"
> where groupesTravail of cn=chief contains the value 1200.
> 
> I checked that the filter part is fine.
> 
> don't know what to do next... :-(

Of course, the user needs to have "search" access to the entry, the
attributes and values that are used in the filter...  in your case, to
attrs entry, objectClass and groupesTravail of the user object.

p.



Ing. Pierangelo Masarati
OpenLDAP Core Team

SysNet s.r.l.
via Dossi, 8 - 27100 Pavia - ITALIA
http://www.sys-net.it
---------------------------------------
Office:  +39 02 23998309
Mobile:  +39 333 4963172
Email:   pierangelo.masarati@sys-net.it
---------------------------------------