Re: filter acl regex
Dusty Doris wrote:
Note that, as far as I can tell, "memberOf" is an Active Directory
operational attribute that is internally maintained to preserve
referential integrity within groups and group members. There's no
equivalent in standard track schemas, to my knowledge. You'll need to
define your own DN-valued attribute, or, for instance, "hijack"
something that may do the trick, e.g. the "seeAlso" attribute, which is
already allowed by "person" and descendants, or so.
To my knowledge, no, and I don't see it as a reasonable approach. The
only thing that gets close to what you mean seems to be "sets", but they
essentially lack arbitrary string concatenation capabilities.
If your entry stored the group's DN instead of its common name, things
would have been quite straightforward. This is the "memberOf" approach,
access to dn.children="ou=users,o=mydomain.com"
    by set="user & (this/memberOf)/member" write
That sounds like a good approach. Sets look pretty interesting. I've
been reading about them in the FAQs. Still having trouble grasping it,
but after some more coffee and a few more reads through I hope I'll get
I'm not confined to my original approach, so I'll give it a shot with the
I can file an ITS. I'm still not up to par in understanding sets, so I'll
try to get that figured out first. So I know how to accurately describe
what I am asking for in the ITS.

Well, it's a feature request, so you won't get yelled at in any case ;)
I'm telling you that feature is not there yet, so it's perfectly
acceptable to request it.
SysNet - via Dossi,8 27100 Pavia Tel: +390382573859 Fax: +390382476497
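
How the set in the ACL above evaluates, as an added example that is not part of the original message and is not OpenLDAP code. It models only that one clause; the directory contents, the helper names and the simplified DN normalization are assumptions made for illustration.

```python
# Constructed sample directory (not from the thread); keys are normalized DNs.
DIRECTORY = {
    "cn=admins,ou=groups,o=mydomain.com": {
        "member": ["uid=alice,ou=users,o=mydomain.com"]},
    "cn=staff,ou=groups,o=mydomain.com": {
        "member": ["uid=bob,ou=users,o=mydomain.com",
                   "uid=carol,ou=users,o=mydomain.com"]},
    "uid=carol,ou=users,o=mydomain.com": {
        "memberOf": ["cn=staff,ou=groups,o=mydomain.com"]},
    "uid=dave,ou=users,o=mydomain.com": {
        "memberOf": ["cn=admins,ou=groups,o=mydomain.com"]},
    "uid=erin,ou=users,o=mydomain.com": {},  # carries no memberOf value
}
BASE = "ou=users,o=mydomain.com"


def norm(dn):
    """Simplified DN normalization (assumption): trim and lowercase only."""
    return dn.strip().lower()


def deref(dns, attr):
    """Model of the set '/' operator: union of attr values over each DN."""
    values = set()
    for dn in dns:
        entry = DIRECTORY.get(norm(dn), {})  # a dangling DN contributes nothing
        values.update(norm(v) for v in entry.get(attr, []))
    return values


def in_children_scope(target_dn):
    """dn.children: entries below BASE, never BASE itself (suffix test)."""
    return norm(target_dn).endswith("," + BASE)


def set_grants_write(user_dn, target_dn):
    """Evaluate set="user & (this/memberOf)/member" for one request."""
    if not in_children_scope(target_dn):
        return False
    user = {norm(user_dn)} if user_dn else set()  # anonymous: empty set
    groups = deref({target_dn}, "memberOf")       # this/memberOf
    members = deref(groups, "member")             # (this/memberOf)/member
    return bool(user & members)                   # non-empty set means match
```

Because memberOf here would be an ordinary attribute stored in the target entry, the outcome depends on who is allowed to write that attribute.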