[Date Prev][Date Next]
[Chronological]
[Thread]
[Top]
Re: Subtree ACL Problem
At 02:15 PM 7/25/00 -0400, Adam Tauno Williams wrote:
>>>=> acl_get: entry (cn=Adam Williams,ou=People,o=Morrison Industries, c=US)
>>>attr (mobile)
>>>------------------------------------------------------------------------
>>>so the interpretation is correct, I should not have write access. What
>>>I don't understand is why it doesn't match rule #3 for which I've
>>>tried both:
>>>-------------------------------------------------------------------------
>>>access to dn=".*,ou=People,o=Morrison Industries,c=US"
>>> attrs=children,entry,uid
>>This rule doesn't apply to attribute 'mobile'
>
>Ok, I think I get it. But I "thought" that "attrs=children,entry" granted
>access to an entire subtree, apparently this is not true. Would something
>like "attrs=children,entry,*" be more appropriate here? Can I use a wild
>card there?
Just don't quality the ACL with attrs. Then it will apply to
the entry, its contents (specific attributes), and rights to
create immediate children of this entry.