
Re: Using forward references and filters in ACLs in OpenLDAP



On Thursday, July 18, 2002, at 06:43, Christoph Neumann wrote:
Currently, with the "set" directive, you could do this:

access to filter=(invisible=true)
  by set="user/role & [staff]" read
  by set="user/role & [student]" none

I didn't understand the set construct correctly, it seems. I saw it as sets of DNs and couldn't see its use with forward references. When I now read Mark Valence's description again, it seems to be sets of arbitrary strings - DNs or "ordinary" attribute values. If the final set is empty, the set clause fails; otherwise it succeeds.


Sans the possibility for wildcards in the by filter construction, this seems - as you write - much more powerful.

It could even be used in the limits part.

You seem to actually understand the set construction, so why don't you expand the documentation - for the rest of us?

Regards, Mads Freek

------------------------------------------------------
Mads Freek Petersen
Computer Science Department
Roskilde University
Building 42-1, P.O. Box 260, DK-4000 Roskilde, Denmark

Phone:  +45 4674 3882
Fax:    +45 4674 3072
E-mail: freek@ruc.dk
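
The set semantics discussed in this message, as an added example that is not part of the original post and not OpenLDAP's code: a simplified Python model that evaluates the two by clauses of the quoted ACL in order. The DNs, the DIRECTORY contents and the function names are constructed for illustration; the model compares values as exact strings and handles only user, this, /attr, [literal], & and |.

```python
import re

# Constructed sample directory: DN -> multi-valued attributes.
DIRECTORY = {
    "uid=anna,dc=example,dc=org": {"role": ["staff", "admin"]},
    "uid=ben,dc=example,dc=org": {"role": ["student"]},
    "uid=carl,dc=example,dc=org": {},  # no role attribute at all
    "cn=doc1,dc=example,dc=org": {"invisible": ["true"]},
}

def eval_operand(term, user_dn, this_dn):
    """One operand: a [literal], or user/this followed by /attr hops."""
    term = term.strip()
    if term.startswith("[") and term.endswith("]"):
        return {term[1:-1]}  # literal string set
    head, *attrs = term.split("/")
    if head not in ("user", "this"):
        raise ValueError("unsupported operand: " + term)
    current = {user_dn if head == "user" else this_dn}
    for attr in attrs:
        # Dereference: gather attr values from every entry named so far.
        current = {v for dn in current
                   for v in DIRECTORY.get(dn, {}).get(attr, [])}
    return current

def eval_set(expr, user_dn, this_dn):
    """Evaluate operands joined by & (intersection) and | (union), left to right.
    Assumes literals do not themselves contain & or |."""
    tokens = re.split(r"\s*([&|])\s*", expr.strip())
    result = eval_operand(tokens[0], user_dn, this_dn)
    for op, term in zip(tokens[1::2], tokens[2::2]):
        rhs = eval_operand(term, user_dn, this_dn)
        result = result & rhs if op == "&" else result | rhs
    return result

# The by clauses from the quoted ACL, in order.
BY_CLAUSES = [("user/role & [staff]", "read"),
              ("user/role & [student]", "none")]

def access_for(user_dn, this_dn):
    """First by clause whose set is non-empty wins; returns (level, clause)."""
    for expr, level in BY_CLAUSES:
        if eval_set(expr, user_dn, this_dn):
            return level, expr
    return "none", None  # nothing matched: slapd's implicit "by * none"
```

A user with no role attribute never reaches either clause, because both sets come out empty, and ends up with no access through the implicit default rather than through the explicit student rule.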