[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: problem with sets in 2.2.5 (not in 2.1.25)

Giuseppe Milano wrote:
Hi to all,

Ok, ACL SETS seems to work fine in normal conditions but i can't understand why in some cases they differ form older versions of openldap.

For example I can't understand why acl and sets fail in this condition:

My ACL is:
access to dn.regex="^ou=(.+),ou=x2x,dc=intesa,dc=it"
 by users set=(user/x2xTenant&[$1]) read

when i search for "ou=all,ou=x2x,dc=intesa,dc=it" with user "cn=anastacia,ou=People,ou=all,ou=x2x,dc=intesa,dc=it" no entry was returned.
In 2.1 the set style defaulted to regex, in 2.2 it defaults to exact. So you need to explicitly specify
by users set.regex=(user/x2xTenant&[$1]) read
to get this working in 2.2.

By the way, 2.2.28 is the latest 2.2 release. Since you're upgrading anyway, you definitely should not be using something as old as 2.2.5.

 -- Howard Chu
 Chief Architect, Symas Corp.  http://www.symas.com
 Director, Highland Sun        http://highlandsun.com/hyc
 OpenLDAP Core Team            http://www.openldap.org/project/