[Date Prev][Date Next]
Re: working whith sets
It's actually relatively simple
access to dn.subtree="ou=people,dc=domain"
by set="user/personRole & [admin]" write
that should work just fine.
One of the reasons this likely doesn't work is
by set="( this/personRole & [staff] ) & ( user/personRole &
([admin]|[bofh]) )" write
because the & operator is used just like it would be in a binary
operation, not in a logical one. So it determines entries that are in
both the left and right set so what you end up with is a set comparison
(staff) & (admin|bofh)
Obviously those will never contain the same members and the & operator
will cause an empty list to be returned which is false in sets.
On Thu, 2005-03-17 at 12:40 +0100, José M. Fandiño wrote:
> Dear friends,
> How I can permit write access to entries with an attribute
> value by others with other attribute value.
> permit write access to entries with a "staff" role by
> entries with an "admin" role.
> access to dn.subtree="ou=people,dc=domain"
> by set="( this/personRole & [staff] ) & ( user/personRole & ([admin]|[bofh]) )" write
> I did several tests but none of them worked.
> is it possible with sets?
> Thank you.