
Re: Subtree ACL Problem



At 02:15 PM 7/25/00 -0400, Adam Tauno Williams wrote:
>>>=> acl_get: entry (cn=Adam Williams,ou=People,o=Morrison Industries, c=US)
>>>attr (mobile)
>>>------------------------------------------------------------------------
>>>so the interpretation is correct, I should not have write access.  What
>>>I don't understand is why it doesn't match rule #3 for which I've
>>>tried both:
>>>-------------------------------------------------------------------------
>>>access to dn=".*,ou=People,o=Morrison Industries,c=US"
>>>  attrs=children,entry,uid
>>This rule doesn't apply to attribute 'mobile' 
>
>Ok, I think I get it.  But I "thought" that "attrs=children,entry" granted
>access to an entire subtree, apparently this is not true.  Would something
>like "attrs=children,entry,*" be more appropriate here?  Can I use a wild 
>card there?

Just don't qualify the ACL with attrs.  Then it will apply to
the entry, its contents (specific attributes), and rights to
create immediate children of this entry.
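
Added illustration, not part of the original message and not OpenLDAP code: a simplified Python model of how the "access to" clause is chosen for one (entry DN, attribute) pair, showing why the attrs-qualified rule is skipped for 'mobile' while the unqualified one applies. The rule names, the catch-all rule and the case-insensitive regex match are assumptions made for the example.

```python
import re

# Simplified model: the first clause whose DN pattern matches and whose
# attrs list (if present) names the requested attribute is the one used.

PEOPLE = r".*,ou=People,o=Morrison Industries,c=US"  # DN pattern from the thread

def select_rule(rules, dn, attr):
    """Return the name of the first rule that applies to (dn, attr), or None."""
    for name, dn_regex, attrs in rules:
        if dn_regex is not None and not re.search(dn_regex, dn, re.IGNORECASE):
            continue
        # attrs=None models a clause written without an attrs qualifier
        if attrs is not None and attr.lower() not in attrs:
            continue
        return name
    return None

def coverage(rules, dn, attrs=("entry", "children", "uid", "mobile")):
    """Map each attribute (and pseudo-attribute) to the rule that governs it."""
    return {a: select_rule(rules, dn, a) for a in attrs}

# Constructed rule sets; names and the catch-all rule are hypothetical.
QUALIFIED = [
    ("people-qualified", PEOPLE, {"children", "entry", "uid"}),
    ("catch-all", None, None),
]
UNQUALIFIED = [
    ("people-unqualified", PEOPLE, None),
    ("catch-all", None, None),
]

# Entry DN from the thread, written without the space after the comma so the
# pattern can be applied to it as a plain regex.
DN = "cn=Adam Williams,ou=People,o=Morrison Industries,c=US"

if __name__ == "__main__":
    for label, rules in (("with attrs=", QUALIFIED), ("without attrs", UNQUALIFIED)):
        print(label, coverage(rules, DN))
```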