ACL set syntax with 2 conditions



Hi all,

I am using the set syntax in my ACL and I would like to compare two
attributes (a1 and a2) of the target and the user.
I'd like to authorize in write access only DNs who have the same
attribute a1 and the same a2.
(Note: a1 and a2 never have the same value)

With the help of the faq-o-matic "Sets in Access Controls" I wrote the
following rule:

access to ou=...
   by set="(this/a1 & user/a1) & (this/a2 & user/a2)" write
   by * none

And... no match
I suppose that in fact this rule makes the intersection between this/a1,
user/a1, this/a2 and user/a2; obviously there is no match!

I am working with OpenLDAP version 2.1, so I cannot use the
concatenation operator "+".

Maybe some of you know how to write the correct set syntax, or any
other idea than using set to have such an access rule working.

Thanks for your help

Stephane
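
Added example, not part of the original post: a simplified Python model of set evaluation (not OpenLDAP's code) that shows why the rule above yields no match. It assumes `&` is intersection, `|` is union, operators apply left to right, and a set clause matches when the result is non-empty; the entries and their values are constructed.

```python
import re

TOKEN = re.compile(r"\s*(this/\w+|user/\w+|[&|()])")

def tokenize(expr):
    expr, pos, out = expr.strip(), 0, []
    while pos < len(expr):
        m = TOKEN.match(expr, pos)
        if not m:
            raise ValueError(f"unexpected input: {expr[pos:]!r}")
        out.append(m.group(1))
        pos = m.end()
    return out

def eval_set(expr, this, user):
    """Evaluate a set expression to the set of values it yields (model only)."""
    tokens = tokenize(expr)
    entries = {"this": this, "user": user}

    def term():
        if not tokens:
            raise ValueError("unexpected end of expression")
        tok = tokens.pop(0)
        if tok == "(":
            value = chain()
            if not tokens or tokens.pop(0) != ")":
                raise ValueError("missing ')'")
            return value
        if "/" not in tok:
            raise ValueError(f"unexpected token: {tok!r}")
        who, attr = tok.split("/")
        return set(entries[who].get(attr, ()))

    def chain():  # operators applied left to right (assumption of this model)
        value = term()
        while tokens and tokens[0] in ("&", "|"):
            op, rhs = tokens.pop(0), term()
            value = value & rhs if op == "&" else value | rhs
        return value

    result = chain()
    if tokens:
        raise ValueError(f"trailing input: {tokens!r}")
    return result

def acl_matches(expr, this, user):
    return bool(eval_set(expr, this, user))  # non-empty set => clause matches

# Constructed entries: target and user agree on both a1 and a2.
TARGET = {"a1": ["sales"], "a2": ["paris"]}
USER = {"a1": ["sales"], "a2": ["paris"]}
RULE = "(this/a1 & user/a1) & (this/a2 & user/a2)"
```

Each parenthesised half is non-empty on its own, but intersecting the a1 values with the a2 values gives the empty set, so the clause never matches even when both attributes agree.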