[Date Prev][Date Next] [Chronological] [Thread] [Top]

Emulating attribute enumeration

Hello again,

Since the LDAP attribute spec (RFC4512) doesn't appear to support enumerated types (probably for a good reason) I wanted to see whether this could be imitated using OpenLDAP's access control mechanisms.

I have a custom attribute "transactionCenterAccountStatus" which should only have values "active", "suspended" or "closed".

So I opened slapd.conf and defined the line

access to attrs=transactionCenterAccountStatus 	

	by set="user/transactionCenterRole & [admin]" write
	by * read

The "slaptest" command didn't complain, so then I restarted slapd. But when I login as the designated user and try to set the attribute to one of the three values I keep getting error 50 - "Insufficient access rights". Clearly, I must be missing something, but I can't see what? :)


Vladimir Dzhuvinov * www.valan.net * PGP key ID AC9A5C6C

Attachment: signature.asc
Description: OpenPGP digital signature