Emulating attribute enumeration
Hello again,
Since the LDAP attribute spec (RFC4512) doesn't appear to support
enumerated types (probably for a good reason) I wanted to see whether
this could be imitated using OpenLDAP's access control mechanisms.
I have a custom attribute "transactionCenterAccountStatus" which should
only have values "active", "suspended" or "closed".
So I opened slapd.conf and defined the line
    access to attrs=transactionCenterAccountStatus
        val.regex="active|suspended|closed"
        by set="user/transactionCenterRole & [admin]" write
        by * read
The "slaptest" command didn't complain, so then I restarted slapd. But
when I log in as the designated user and try to set the attribute to one
of the three values I keep getting error 50 - "Insufficient access
rights". Clearly, I must be missing something, but I can't see what? :)
Vlad
--
Vladimir Dzhuvinov * www.valan.net * PGP key ID AC9A5C6C
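
An added example, not part of the original post and separate from the access error asked about: the posted val.regex has no anchors, so if slapd applies it as an unanchored POSIX extended regex search (an assumption here), it also matches values such as "inactive". The script uses grep -E as a stand-in for that matching; the function names and candidate values are constructed for illustration.

```shell
#!/bin/sh
# Added example, not the poster's or OpenLDAP's code.
# Assumption: val.regex is evaluated as an unanchored POSIX ERE search,
# which `grep -E` reproduces. Candidate values are constructed.

# Print, one per line, each candidate value the pattern would match.
accepted_values() {
    pattern=$1
    shift
    for value in "$@"; do
        if printf '%s\n' "$value" | grep -Eq -- "$pattern"; then
            printf '%s\n' "$value"
        fi
    done
}

# Three intended values plus three that should be refused.
CANDIDATES="active suspended closed inactive unsuspended activeX"

# Pattern exactly as in the posted ACL.
UNANCHORED='active|suspended|closed'
# Common slip: ^ and $ bind tighter than |, so only the first and last
# alternatives are anchored, and only on one side each.
HALF_ANCHORED='^active|suspended|closed$'
# Grouping the alternation anchors every alternative on both sides.
STRICT='^(active|suspended|closed)$'

# Show what each pattern lets through.
report() {
    for p in "$UNANCHORED" "$HALF_ANCHORED" "$STRICT"; do
        # $CANDIDATES is deliberately unquoted so it splits into words.
        printf '%-28s -> %s\n' "$p" "$(echo $(accepted_values "$p" $CANDIDATES))"
    done
}

report
```

With the grouped and anchored form, the ACL line would read val.regex="^(active|suspended|closed)$".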