Does dnattr work?
I posted a question about some OpenLDAP ACLs here a few days back;
specifically, the use of the dnattr option. I've been totally unsuccessful
in getting the "dnattr" feature to work right.
In a rule like this:
access to dn="cn=.*,ou=lists,ou=people,dc=go2net,dc=com"
        by group="cn=administrators,ou=security,dc=go2net,dc=com" write
        by group="cn=mailadmin,ou=security,dc=go2net,dc=com" write
        by dnattr=owner write
        by anonymous read
        by * read
With the "owner" field set to:
If I bind to the directory as that user, I get permission denied for writing.
I've gotten several personal messages since I posted the question, basically
saying "Yeah, I have the same problem, no idea"... so, is there anyone out
there successfully using the dnattr function? Is there some magic bit that
needs to be flipped to make it work? An attribute that's missing?
email@example.com - (http://sysadminsith.org)
Evil Lord of the Sysadmin Sith Darth Rmdashrf