[Date Prev][Date Next]
I cannot get the "set=<setspec>" access control directive to work. I have
read through the note at:
I have a rule that says this:
access to dn.subtree="ou=Test,dc=apu,dc=edu"
by set="[cn=TestGroup,dc=apu,dc=edu].uniqueMember & user" read
by * none
Where "cn=TestGroup" is a groupOfUniqueNames.
If I bind as a user listed in "TestGroup", I cannot read any information
in the "Test" tree. Do I have the syntax incorrect? Does anyone have a
good example of this that they have gotten working?
I understand that I can perform this type of access control with the
"group" directive instead of the "set" directive. I'm mainly interested
in understanding the syntax "set" directive and how it works--especially
the recursive lookups.