[Date Prev][Date Next] [Chronological] [Thread] [Top]

ACL set syntaxe with 2 conditions

Hi all,

I am using the set syntaxe in my ACL and I would like to compare two
attributs (a1 and a2) of the target and the user.
I'd like to authorize in write access only dns who have the same
attribut a1 and the same a2.
(Note: a1 and a2 never have the same value)

With the help of the faq-o-matic "Sets in Access Controls" I wrote the
following rule:

access to ou=...
   by set="(this/a1 & user/a1) & (this/a2 & user/a2)" write
   by * none

And... no match
I suppose that in fact this rule makes the intersection between this/a1,
user/a1, this/a2 and user/a2, obviously there is no match !

I am working with openldap version 2.1, so i cannot use the
concatenation operator "+".

Maybe some of you know how to write the correct set syntaxe, or any
other idea than using set to have such an access rule working.

Thanks for your help