Complex access control lists
Let's say I have a branch in my LDAP tree named
"ou=Aliases,dc=mvista,dc=com". Below that are email alias entries that
follow rfc2307 (as created by PADL's MigrationTools). Let's say a member
of a mailing list is under the attribute "rfc822MailMember". Let's also
say that there is an "rfc822MailMember: tomas" entry for dn
"cn:users,ou=Aliases,dc=mvista,dc=com". If there was a dn of
"uid=tomas,ou=People,dc=mvista,dc=com", with "uid=tomas", and I could
either bind with that above dn (uid=tomas,ou=People,dc=mvista,dc=com),
or via SASL/GSSAPI (in which the binding dn would be either "uid=tomas"
or "uid=tomas@MVISTA.COM"; not quite sure which), then what acl
directive could I use so that I can remove myself from that mailing list
I am an rfc822MailMember of?
Also, I'm not quite sure how "dnattr" works. Could I, for the above
situation, use:
access to dn=".+,ou=Aliases,dc=mvista,dc=com" attrs=rfc822MailMember
by dnattr=rfc822MailMember selfwrite
by * read
From the Admin Guide I read, it seems to match rfc822MailMember (in the
above directive) with what dn I am bound as. If I bind as
"dn:uid=tomas,ou=People,dc=mvista,dc=com", then do I need to have set
"rfc822MailMember: uid=tomas,ou=People,dc=mvista,dc=com"? Or is it
something else?
Also, let's say there is an entry "rfc822MailMember:
tomas@earthlink.net". If I bind as "uid=tomas", "uid=tomas@MVISTA.COM",
or "uid=tomas,ou=People,dc=mvista,dc=com", then with what access
directive can I remove myself if I have the above entry?
If I have only one attribute I want to grant access to, would I use the
"attrs=" qualifier in the access directive, or "attr="?
Thanks a bunch.
--
Tomas Maly
"IT Freak"
MontaVista Software
(408) 328-8429
tmaly@mvista.com
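The dnattr/selfwrite pair the post asks about, shown here as an added illustration that is not part of the original post or of any reply on the list: dnattr matches a value of the named attribute against the DN the requestor is bound as, and selfwrite lets that DN remove only its own DN as a value, so the attribute has to hold full DNs rather than a bare "tomas" or a mail address. It is written with a groupOfNames "member" attribute instead of rfc822MailMember, on the assumption that slapd (2.1 and later, with schema checking) only accepts an attribute with DN syntax after dnattr; the DNs come from the post and the dn.regex form assumes OpenLDAP 2.1-style ACL syntax.

```conf
# Added illustration, not the ACL from the original post.
# Assumes OpenLDAP 2.1+ ACL syntax and membership kept in a DN-valued
# attribute (groupOfNames/member), since dnattr needs an attribute of
# DN syntax; rfc2307's rfc822MailMember is an IA5 string, not a DN.

# slapd.conf: on entries directly under ou=Aliases, a bound DN that is
# already listed in "member" may remove only its own DN from "member";
# everyone else can only read the attribute and the entry.
access to dn.regex="^[^,]+,ou=Aliases,dc=mvista,dc=com$" attrs=member
        by dnattr=member selfwrite
        by * read
access to dn.regex="^[^,]+,ou=Aliases,dc=mvista,dc=com$"
        by * read

# LDIF for the list entry: dnattr compares the bound DN with each value,
# so the value must be the full DN of the user, not "tomas".
dn: cn=users,ou=Aliases,dc=mvista,dc=com
objectClass: groupOfNames
cn: users
member: uid=tomas,ou=People,dc=mvista,dc=com

# ldapmodify input that the ACL above permits for a bind as
# uid=tomas,ou=People,dc=mvista,dc=com; deleting any other DN from
# "member" with the same bind is refused, because selfwrite only
# covers the requestor's own DN.
dn: cn=users,ou=Aliases,dc=mvista,dc=com
changetype: modify
delete: member
member: uid=tomas,ou=People,dc=mvista,dc=com
```

With a SASL/GSSAPI bind the DN that dnattr compares against is whatever slapd maps the SASL identity to (see the authz-regexp mapping in slapd.conf), so that mapped DN is the one that must appear as the attribute value.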