aci using domain= problem
- To: openldap-software@OpenLDAP.org
- Subject: aci using domain= problem
- From: Curtis J Blank <curt@uwm.edu>
- Date: Fri, 03 Jan 2003 10:23:08 -0600
- Organization: University of Wisconsin - Milwaukee - Technical Solutions - Information & Media Technology
I was told I have to post this here.
I'm trying to use an aci to restrict attributes to certain machines, but it
doesn't seem to work. No machines can see the attributes, including the
machines we want to see them. This is the rule:
    access to attrs=mail,mailHost,mailLocalAddress,mailRoutingAddress,entry
        by self write
        by dn="uid=coredb,ou=people,o=uwm.edu" write
        by domain=.*\.csd\.uwm\.edu read
It's pretty much right out of the 2.0 Admin manual. Am I restricted to
only using edu.com in the domain field and not csd.edu.com? If the last
"by" entry is "* read" they can be seen, but that is not what we want. I
also added a "by * none" at the end; that made no difference. And I
tried enclosing .*\.csd\.uwm\.com in double quotes, i.e.
".*\.csd\.uwm\.com", to no avail. I've tried this on 2.0.23, 2.0.25, and
2.0.27, all with the same results.
And one last question, can I put an actual machine name in i.e.
machine1.csd.uwm.edu? That's actually what I would like to do.