[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: set syntax on acl

> I will try to understand the right syntax for set parameters, but I dont
> find sample.
> I have read this:
> http://www.openldap.org/lists/openldap-software/200105/msg00270.html
> http://www.openldap.org/faq/data/cache/1133.html
> http://www.openldap.org/faq/data/cache/1134.html
> and I write this acl but it dosnt work :((
> am I wrong?
> access to dn.regex="jvd=([^,]+),o=hosting,dc=example,dc=tld$"
>         by self write
>         by set="user/editAccounts & [true]" write
>         by dn.exact="cn=phamm,o=hosting,dc=example,dc=tld" read
>         by * none
> I think that the postmaster can search and write on the dn children
> his dn
> cn=postmaster,jvd=example.tld,o=hosting,dc=example,dc=tld
> editAccounts=true
> Thanks in advance
> My slapd is 2.1.30-3

The ACL syntax looks correct; I don't know what's the syntax of
editAccounts but I guess it doesn't really matter, although I suggest you
use the normalized form "TRUE" if its syntax is boolean, since, as far as
I recall, string comparison in evaluating sets is case sensitive, so the
string you provide will be compared to the string representation of the
value of editAccount.

However, I think the real issue is with the version of slapd you're using:
I'm not sure sets are handled appropriately in 2.1; you should really use
the latest stable 2.2.


Pierangelo Masarati

    SysNet - via Dossi,8 27100 Pavia Tel: +390382573859 Fax: +390382476497