Re: Tricky ACL

Kasundra, Digant wrote:

I'm using OpenLDAP 2.2.11, which I should probably upgrade to something more recent. In 2.2.11 of slapd.access, set is "undocumented." When it gave me the error, it said:

<attrlist> ::= <attr> [val[.<style>]=<value>] | <attr> , <attrlist>

which made me think I could have several. Anyway, I'll try the head code and see if set works for me.

It should be read: "<attrlist>" can be either "<attr> val[.<style>]=<value>" or "<attr>[,<attr>[...]]". Maybe it can be reworded for clarity...

Sets are undocumented yet (except for a few hints in the FAQ: http://www.openldap.org/faq/data/cache/452.html); however, it should work (mostly) as expected in 2.2.11 as well. Try the line I suggested, which basically means: match only if the value of the attribute "accountName" in the target is equal to the value of the attribute "uid" in the subject.

Ciao, p.

