[Date Prev][Date Next] [Chronological] [Thread] [Top]

aci using domain= problem



I was told I have to post this here.

I'm trying to use an aci to restrict attributes to certain machines, it
doesn't seem to work. No machines can see the attributes including the
machines we want to see them. This is the rule:

access to
               
attrs=mail,mailHost,mailLocalAddress,mailRoutingAddress,entry
        by
                self write
        by
                dn="uid=coredb,ou=people,o=uwm.edu" write
        by
                domain=.*\.csd\.uwm\.edu read

It's pretty much right out of the 2.0 Admin manual. Am I restricted to
only using edu.com in the domain field and not csd.edu.com? If the last
"by" entry is "* read" they can be seen, but that is not what we want. I
also added a "by * none" at the end, that made no difference. and I
tried enclosing .*\.csd\.uwm\.com in double quotes i.e.
".*\.csd\.uwm\.com" to noavail. I've tried this on 2.0.23, 2.0.25, and
2.0.27, all with the same results.

And one last question, can I put an actual machine name in i.e.
machine1.csd.uwm.edu? That's actually what I would like to do.