[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: Using forward references and filters in ACLs in OpenLDAP

To: Christoph Neumann <enigma@apu.edu>
Subject: Re: Using forward references and filters in ACLs in OpenLDAP
From: Mads Freek <freek@ruc.dk>
Date: Fri, 19 Jul 2002 12:20:18 +0200
Cc: OpenLDAP-software <OpenLDAP-software@OpenLDAP.org>
In-reply-to: <Pine.LNX.4.44.0207180924410.5534-100000@home.apu.edu>

On torsdag, juli 18, 2002, at 06:43 , Christoph Neumann wrote:

Currently, with the "set" directive, you could do this:

access to filter=(invisible=true)
  by set="user/role & [staff]" read
  by set="user/role & [student]" none

I didn't understand the set contruct correctly it seems. I saw it as sets of dn's and couldn't see its use with forward references. When I now read Mark Valences description again it seems to be sets of arbitrary strings - dn's or "ordinary" attribute values. If the final set is empty the set clause fails otherwise it succeeds.

Sans the possibility for wildcards in the by filter construction this seems - as you write - much more powerfull.

I could even be used in the limits part.

You seems to actually understand the set construction so why don't you expand the documentation - for the rest of us?

Regards Mads Freek

------------------------------------------------------
Mads Freek Petersen
Computer Science Department
Roskilde University
Building 42-1, P.O. Box 260, DK-4000 Roskilde, Denmark

Phone:  +45 4674 3882
Fax:    +45 4674 3072
E-mail: freek@ruc.dk

References:
- Re: Using forward references and filters in ACLs in OpenLDAP
  - From: Christoph Neumann <enigma@apu.edu>

Prev by Date: Re: version of openldap server
Next by Date: Net services stop when slapd is down
Index(es):
- Chronological
- Thread