[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: dnattr access rule

To: openldap-software@OpenLDAP.org
Subject: Re: dnattr access rule
From: dju` <dju.ml@elegiac.net>
Date: Mon, 16 Aug 2004 20:48:59 +0200
In-reply-to: <4120B592.5000505@agora.msa.fr>
Organization: [elgc]
References: <411FDF34.9060605@elegiac.net> <1092647822.25538.451.camel@localhost> <41209326.9070202@elegiac.net> <4120B592.5000505@agora.msa.fr>
User-agent: Mozilla Thunderbird 0.7.3 (X11/20040812)

Alexandre Garel wrote:

I've never experiment but I have seen the set FAQ-O-MATIC http://www.openldap.org/faq/data/cache/452.html explaining use of set attributes. Just see it as an hint So you could use a
access to dn="^.*(cn=[^,]+,ou=people,dc=domain,dc=tld)$
by set ="[$1]/seeAlso & user" write
by * none
The set operation is intersection of user dn with dn contained in object at $1 If you want to experiment ! Alex.

haha, thanks a lot, this works very well. sets seems to be very powerful for doing such acl. -- --dju`

References:
- dnattr access rule
  - From: dju` <dju.ml@elegiac.net>
- Re: dnattr access rule
  - From: Tony Earnshaw <tonye@billy.demon.nl>
- Re: dnattr access rule
  - From: dju` <dju.ml@elegiac.net>
- Re: dnattr access rule
  - From: "Alexandre Garel" <garel.alexandre@agora.msa.fr>

Prev by Date: Re: ldap_bind: Invalid credentials (49)
Next by Date: Re: ldbm backend database corruption problem
Index(es):
- Chronological
- Thread