set=<setspec>
I cannot get the "set=<setspec>" access control directive to work. I have
read through the note at:
http://www.openldap.org/faq/data/cache/452.html
I have a rule that says this:
access to dn.subtree="ou=Test,dc=apu,dc=edu"
    by set="[cn=TestGroup,dc=apu,dc=edu].uniqueMember & user" read
    by * none
Where "cn=TestGroup" is a groupOfUniqueNames.
If I bind as a user listed in "TestGroup", I cannot read any information
in the "Test" tree. Do I have the syntax incorrect? Does anyone have a
good example of this that they have gotten working?
I understand that I can perform this type of access control with the
"group" directive instead of the "set" directive. I'm mainly interested
in understanding the syntax of the "set" directive and how it works--especially
the recursive lookups.
- Christoph