[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: Complex Group ACL "selfwrite" question

To: "Leslie M. Barstow III" <phoenix@faerealm.com>
Subject: Re: Complex Group ACL "selfwrite" question
From: "Kurt D. Zeilenga" <Kurt@OpenLDAP.org>
Date: Fri, 11 Feb 2000 13:01:51 -0800
Cc: openldap-software@OpenLDAP.org
In-reply-to: <Pine.LNX.4.10.10002091429390.1072-100000@faerealm.faerealm .com>

At 02:38 PM 2/9/00 -0700, Leslie M. Barstow III wrote:
>I am hoping someone can help with this...
>
>I am setting up an OpenLDAP server for my workplace, and there are some
>features which have been requested which I am unsure if LDAP can perform
>(properly).
>
>The one feature is the ability to use LDAP with Sendmail.  This appears to
>work fine with the 8.10 betas (I need alias support...).
>
>In conjunction with that, we have a couple of mail aliases which we would
>like to make open to subscription by users (they would be able to add and
>remove themselves from the group).  This I can't figure out - it seems
>that specifying:
>
>access to ".*,ou=Aliases,o=VR-1 Inc.,c=US" attr=entry,member
> by dnattr=member selfwrite
>
>per the Admin Guide exaples will only get me the full DN of the user

Yes, that's how refer to users.  Applications can use the DN to
obtain the values of attributes stored in the referenced entry.

>(and what I really need is to validate vs. their mail attr, and add/remove the
>mail attribute without the leading "mail=").

Basically, the application needs to be coded to understand LDAP
group mechanisms (which there actually a couple varients).

>Is there any way to do this?

Well, if the application doesn't already support it, you'd have
to hack.

>Lastly (and I apologize for this, but could not find the answer) - are
>ACIs available in the latest production version yet?

No.

Follow-Ups:
- Re: Complex Group ACL "selfwrite" question
  - From: "Leslie M. Barstow III" <phoenix@faerealm.com>

Prev by Date: Re: backend database
Next by Date: Re: No such Object
Index(es):
- Chronological
- Thread