[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: aci using domain= problem

Do you have reverse name lookups turned on?
With the 2.0 stuff I think its a compile time option, although
I could be wrong I havent played with 2.0.x in a while.

On Fri, Jan 03, 2003 at 10:23:08AM -0600, Curtis J Blank wrote:
> I was told I have to post this here.
> I'm trying to use an aci to restrict attributes to certain machines, it
> doesn't seem to work. No machines can see the attributes including the
> machines we want to see them. This is the rule:
> access to
> attrs=mail,mailHost,mailLocalAddress,mailRoutingAddress,entry
>         by
>                 self write
>         by
>                 dn="uid=coredb,ou=people,o=uwm.edu" write
>         by
>                 domain=.*\.csd\.uwm\.edu read
> It's pretty much right out of the 2.0 Admin manual. Am I restricted to
> only using edu.com in the domain field and not csd.edu.com? If the last
> "by" entry is "* read" they can be seen, but that is not what we want. I
> also added a "by * none" at the end, that made no difference. and I
> tried enclosing .*\.csd\.uwm\.com in double quotes i.e.
> ".*\.csd\.uwm\.com" to noavail. I've tried this on 2.0.23, 2.0.25, and
> 2.0.27, all with the same results.
> And one last question, can I put an actual machine name in i.e.
> machine1.csd.uwm.edu? That's actually what I would like to do.

Ian Logan
Information and Communication Technologies
New Mexico State University
Email: ian@nmsu.edu Phone: 505-646-6034 Fax: 505-646-4560