[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: set ACL specification/syntax

--On Friday, March 06, 2009 4:04 PM -0500 Andrew Cobaugh <phalenor@gmail.com> wrote:

On Fri, Mar 6, 2009 at 3:57 PM, Quanah Gibson-Mount <quanah@zimbra.com>
--On Friday, March 06, 2009 3:46 PM -0500 Andrew Cobaugh
<phalenor@gmail.com> wrote:

Hi all,

I think the set clause should at least be based on something like,
set="this/cn & user/uid" but with extra stuff in there to require a
colon and one or more characters only.

Add a second cn value to the entry that matches the uid. ÂThat way this/cn would match. Âcn is multivalued afterall. ;)

Hmm, not sure that would work, as there are already entries like that (everyone gets a group that matches their uid, which becomes their primary posix group).

Let me try it and see if it breaks anything...

Please keep replies on the list.

If you set the cn value on every group they are supposed to be able to write to, then they'll be able to write to any of those groups. I.e., "this/cn" is the group entry in question. I'm assuming you want them to be able to write to any group they have control of. If you don't, then simply remove the cn=uid value from the group.



Quanah Gibson-Mount
Principal Software Engineer
Zimbra, Inc
Zimbra ::  the leader in open source messaging and collaboration