[Date Prev][Date Next]
Re: set syntax on acl
Il giorno mar, 28-12-2004 alle 19:18 +0100, Pierangelo Masarati ha
> > I will try to understand the right syntax for set parameters, but I dont
> > find sample.
> > I have read this:
> > http://www.openldap.org/lists/openldap-software/200105/msg00270.html
> > http://www.openldap.org/faq/data/cache/1133.html
> > http://www.openldap.org/faq/data/cache/1134.html
> > and I write this acl but it dosnt work :((
> > am I wrong?
> > access to dn.regex="jvd=([^,]+),o=hosting,dc=example,dc=tld$"
> > by self write
> > by set="user/editAccounts & [true]" write
> > by dn.exact="cn=phamm,o=hosting,dc=example,dc=tld" read
> > by * none
> > I think that the postmaster can search and write on the dn children
> > his dn
> > cn=postmaster,jvd=example.tld,o=hosting,dc=example,dc=tld
> > editAccounts=true
> > Thanks in advance
> > My slapd is 2.1.30-3
> The ACL syntax looks correct; I don't know what's the syntax of
> editAccounts but I guess it doesn't really matter, although I suggest you
> use the normalized form "TRUE" if its syntax is boolean, since, as far as
> I recall, string comparison in evaluating sets is case sensitive, so the
> string you provide will be compared to the string representation of the
> value of editAccount.
editAccounts is a boolean attribute from jamm.schema
But it dont works with TRUE, I will test it within the last stable
version and I will report here for the result
Because my goal is to use a boolean to declare if someone could write or
not in some children without use group.
> However, I think the real issue is with the version of slapd you're using:
> I'm not sure sets are handled appropriately in 2.1; you should really use
> the latest stable 2.2.