
Re: set syntax on acl



On Tue, 28-12-2004 at 19:18 +0100, Pierangelo Masarati wrote:
> > I will try to understand the right syntax for set parameters, but I can't
> > find a sample.
> > I have read this:
> > http://www.openldap.org/lists/openldap-software/200105/msg00270.html
> > http://www.openldap.org/faq/data/cache/1133.html
> > http://www.openldap.org/faq/data/cache/1134.html
> >
> > and I wrote this ACL but it doesn't work :((
> > am I wrong?
> >
> > access to dn.regex="jvd=([^,]+),o=hosting,dc=example,dc=tld$"
> >         by self write
> >         by set="user/editAccounts & [true]" write
> >         by dn.exact="cn=phamm,o=hosting,dc=example,dc=tld" read
> >         by * none
> >
> > I think that the postmaster can search and write on the dn children
> >
> > his dn
> > cn=postmaster,jvd=example.tld,o=hosting,dc=example,dc=tld
> > editAccounts=true
> >
> >
> > Thanks in advance
> >
> > My slapd is 2.1.30-3
> 
> The ACL syntax looks correct; I don't know what's the syntax of
> editAccounts but I guess it doesn't really matter, although I suggest you
> use the normalized form "TRUE" if its syntax is boolean, since, as far as
> I recall, string comparison in evaluating sets is case sensitive, so the
> string you provide will be compared to the string representation of the
> value of editAccounts.
editAccounts is a boolean attribute from jamm.schema.
But it doesn't work with TRUE. I will test it with the last stable
version and I will report the result here,
because my goal is to use a boolean to declare whether someone can write or
not in some children without using a group.

> 
> However, I think the real issue is with the version of slapd you're using:
> I'm not sure sets are handled appropriately in 2.1; you should really use
> the latest stable 2.2.
> 
> p.
> 
-- 
ML <ops@klez.it>