[Date Prev][Date Next]
Re: Tricky ACL
Kasundra, Digant wrote:
I'm using OpenLDAP 2.2.11, which I should probably upgrade to
something more recent. In 2.2.11 of slapd.access, set is
"undocumented." When it gave me the error, it said:It should be read: "<attrlist>" can be either "<attr>
val[.<style>]=<value>" or "<attr>[,<attr>[...]]". Maybe it can be
reworded for clarity...
<attrlist> ::= <attr> [val[.<style>]=<value>] | <attr> , <attrlist>
which made me think I could have several. Anyway, I'll try the head
code and see if set works for me.
Sets are undocumented yet (except for a few hints in the FAQ:
http://www.openldap.org/faq/data/cache/452.html); however it should work
(mostly) as expected in 2.2.11 as well. Try the line I suggested, whihc
basically means: match only if the value of the attribute "accountName"
in the target is equal to the value of the attribute "uid" in the subject.
SysNet - via Dossi,8 27100 Pavia Tel: +390382573859 Fax: +390382476497