[Date Prev][Date Next]
[Chronological]
[Thread]
[Top]
Re: Using forward references and filters in ACLs in OpenLDAP
On torsdag, juli 18, 2002, at 06:43 , Christoph Neumann wrote:
Currently, with the "set" directive, you could do this:
access to filter=(invisible=true)
by set="user/role & [staff]" read
by set="user/role & [student]" none
I didn't understand the set contruct correctly it seems. I saw
it as sets of dn's and couldn't see its use with forward
references. When I now read Mark Valences description again it
seems to be sets of arbitrary strings - dn's or "ordinary"
attribute values. If the final set is empty the set clause fails
otherwise it succeeds.
Sans the possibility for wildcards in the by filter construction
this seems - as you write - much more powerfull.
I could even be used in the limits part.
You seems to actually understand the set construction so why
don't you expand the documentation - for the rest of us?
Regards Mads Freek
------------------------------------------------------
Mads Freek Petersen
Computer Science Department
Roskilde University
Building 42-1, P.O. Box 260, DK-4000 Roskilde, Denmark
Phone: +45 4674 3882
Fax: +45 4674 3072
E-mail: freek@ruc.dk