[Date Prev][Date Next] [Chronological] [Thread] [Top]

control continue on ACL

To: openldap-software@OpenLDAP.org
Subject: control continue on ACL
From: "jehan.procaccia" <jehan.procaccia@int-evry.fr>
Date: Mon, 10 Jan 2005 16:31:53 +0100
User-agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.7.3) Gecko/20040922

hello,

if I understand well, ACL works as a first match then stop ! I want bind users and anonymous to read sn & givenName attributes (plus others ...)

access to attr=uid,objectclass,entry,ou,automountInformation,sn,cn,givenName,mail by dn="cn=admin,dc=int-evry,dc=fr" write by dn="cn=replicator,ou=System,dc=int-evry,dc=fr" write by users read by anonymous read

then, later on in the ACL list I want the RH group to have write access to those 2 attributes (sn & givenName) .

access to
       attrs=employeeType,title,departmentNumber,givenName,sn,secretary
       by group="cn=RH,ou=Groups,dc=int-evry,dc=fr" write
       by dn.exact="cn=admin,dc=int-evry,dc=fr" write
       by dn.exact="cn=replicator,ou=System,dc=int-evry,dc=fr" write
       by users read

However, as my binded users get match in the first rule (as users as suppose), the ACL parser never get to this latest "by group="cn=RH,ou=Groups,dc=int-evry,dc=fr" write" :-( .

I don't want to move that lattest ACL before the 1st one, so I tried in the 1st one to put "by users read continue" but I still cannot have write access to sn&gn, worse, I cannot even read lots of things next (entry is dissalowed maybe ?), where "continue" goes ? to the next "by anonymous read" or to the next "acces to ..." or somewhere else ?

Any advice ?

thanks.

Follow-Ups:
- Re: control continue on ACL
  - From: "Pierangelo Masarati" <ando@sys-net.it>

Prev by Date: Re: ldapmodify (and ldapadd) fails
Next by Date: Solaris netgroups and openldap problem was due to nis.schema
Index(es):
- Chronological
- Thread