[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: dnattr access rule

Alexandre Garel wrote:
I've never experiment but I have seen the set FAQ-O-MATIC http://www.openldap.org/faq/data/cache/452.html explaining use of set attributes. Just see it as an hint
So you could use a

access to dn="^.*(cn=[^,]+,ou=people,dc=domain,dc=tld)$
by set ="[$1]/seeAlso & user" write
by * none

The set operation is intersection of user dn with dn contained in object at $1
If you want to experiment !

haha, thanks a lot, this works very well. sets seems to be very powerful for doing such acl.