[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: set ACL specification/syntax

--On Friday, March 06, 2009 4:10 PM -0500 Andrew Cobaugh <phalenor@gmail.com> wrote:

Weird, this isn't matching:

access to dn.children="ou=group,dc=mydoman"
    by set="this/cn & user/uid" write

Instead, it's falling through to the "by * read" entry at the top of the

It doesn't even look like it's trying to match against that ACL, actually.

As documented, ACLs are evaluated in the order they are hit. So if you have a by * read at the top of your ACLs, then of course nothing after that will be evaluated.

I suggest you closely read slapd-access(5).



Quanah Gibson-Mount
Principal Software Engineer
Zimbra, Inc
Zimbra ::  the leader in open source messaging and collaboration