
set=<setspec>



I cannot get the "set=<setspec>" access control directive to work.  I have 
read through the note at:

http://www.openldap.org/faq/data/cache/452.html

I have a rule that says this:

access to dn.subtree="ou=Test,dc=apu,dc=edu"
  by set="[cn=TestGroup,dc=apu,dc=edu].uniqueMember & user" read
  by * none

Where "cn=TestGroup" is a groupOfUniqueNames.

If I bind as a user listed in "TestGroup", I cannot read any information
in the "Test" tree.  Do I have the syntax incorrect?  Does anyone have a
good example of this that they have gotten working?

I understand that I can perform this type of access control with the
"group" directive instead of the "set" directive.  I'm mainly interested
in understanding the syntax of the "set" directive and how it works--especially
the recursive lookups.

- Christoph