[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: Tricky ACL

To: "Kasundra, Digant" <digant@uta.edu>
Subject: Re: Tricky ACL
From: Pierangelo Masarati <ando@sys-net.it>
Date: Tue, 12 Oct 2004 23:33:01 +0200
Cc: openldap-software@OpenLDAP.org
References: <2BF615FBFB12BB47B6501D04376E657A0B0A9F@MAILFS1.uta.edu>
User-agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.0.1) Gecko/20021003

Kasundra, Digant wrote:

I'm using OpenLDAP 2.2.11, which I should probably upgrade to something more recent. In 2.2.11 of slapd.access, set is "undocumented." When it gave me the error, it said:
<attrlist> ::= <attr> [val[.<style>]=<value>] | <attr> , <attrlist>
which made me think I could have several. Anyway, I'll try the head code and see if set works for me.

It should be read: "<attrlist>" can be either "<attr> val[.<style>]=<value>" or "<attr>[,<attr>[...]]". Maybe it can be reworded for clarity...

Sets are undocumented yet (except for a few hints in the FAQ: http://www.openldap.org/faq/data/cache/452.html); however it should work (mostly) as expected in 2.2.11 as well. Try the line I suggested, whihc basically means: match only if the value of the attribute "accountName" in the target is equal to the value of the attribute "uid" in the subject.

Ciao, p.

   SysNet - via Dossi,8 27100 Pavia Tel: +390382573859 Fax: +390382476497

References:
- RE: Tricky ACL
  - From: "Kasundra, Digant" <digant@uta.edu>

Prev by Date: RE: Tricky ACL
Next by Date: Re: Library issue on AIX 5.2
Index(es):
- Chronological
- Thread