[Date Prev][Date Next] [Chronological] [Thread] [Top]

2.2.13 - acl : set directive seems not working ?

I try to migrate from 2.0.27 (rh) to 2.2.13 (fc2) and I get problem with my ACL using set directive :
I want to retrieve data by comparing the attribut of the user connected and records of <my_node>. It seems to not check set rules in the new version.

ldif exemple :
dn: cn=user,o=example.com
objectclass: <my_own_oc>
department: dept1

dn: o=child1,o=node1,o=example.com
objectclass: <my_own_oc>
department: dept1

acl used (1) :
access to dn.subtree="o=node1,o=example.com"
 by set.exact="this/department & user/department" read

I've none error on openldap starting. A ldapsearch return 0 result. After many test, I also try the following acl, which doesn't work too

acl used (2) :
access to dn.subtree="<my_node>"
 by set.exact="this/department & [dept1]" read

In Changelog, I saw the ITS3140 corrected in 2.2.16 but it did not correspond to my problem, so I think it wouldn't be better with the lattest release.

Have you any idea ?