
Re: set syntax on acl



On Wed, 29-12-2004 at 15:25 +0100, Pierangelo Masarati wrote:
> > editAccounts is a boolean attribute from jamm.schema.
> > But it doesn't work with TRUE; I will test it with the last stable
> > version and I will report the result here,
> > because my goal is to use a boolean to declare whether someone can write or
> > not in some children without using groups.
> 
> I just recompiled 2.1.30 (re21 from CVS, should be exactly the same), with
> 
> attributeType ( 0.1.2.3.4.5.6.7.8.9 NAME 'editAccount'
>         DESC 'test'
>         SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 )
> 
> and
> 
> access to *
>         by set="user/editAccount & [true]" read
>         by * auth
> 
> I added three entries, one with editAccount set to "TRUE", one with
> editAccount set to "FALSE" and the other without editAccount.  The one
> with editAccount set to TRUE can search the directory, the others just
> can't.  I suspect you're doing something different elsewhere, or the above
> ACL is not even reached.  You should see with loglevel set to 128 (ACL)
> what's going on.
> 
> Note that with HEAD code you need to use the __normalized__ value, i.e.
> you need to use "TRUE" in uppercase form:
> 
> access to *
>         by set="user/editAccount & [TRUE]" read
>         by * auth

Thanks for everything. I rewrote all the ACLs step by step; I don't know if there
was some mistake or some strange characters in the old file (probably in
my brain :), but now it works.

I work on Debian testing on a PowerBook; the version of slapd is
2.1.30-3, and the other software is:
ldap-utils     2.1.30-3
ldapdiff       0.9.2-1
libldap2       2.1.30-3

My ACL is now as follows and it WORKS!!


access to dn.regex=".*,jvd=([^,]+),o=hosting,dc=example,dc=tld$"\
attr=amavisBypassVirusChecks
        by self read
        by group/jammPostmaster/roleOccupant.regex="cn=postmaster,jvd=\
$1,o=hosting,dc=example,dc=tld" read
        by dn.exact="cn=phamm,o=hosting,dc=example,dc=tld" read 
        by * none

access to dn.regex=".*,jvd=([^,]+),o=hosting,dc=example,dc=tld$"\
attr=amavisBypassSpamChecks
        by group/jammPostmaster/roleOccupant.regex="cn=postmaster,jvd=\
$1,o=hosting,dc=example,dc=tld" write
        by self read
        by dn.exact="cn=phamm,o=hosting,dc=example,dc=tld" read 
        by * none

access to dn.regex=".*,jvd=([^,]+),o=hosting,dc=example,dc=tld$"\
attr=accountActive
        by group/jammPostmaster/roleOccupant.regex="cn=postmaster,jvd=\
$1,o=hosting,dc=example,dc=tld" write
        by self read
        by dn.exact="cn=phamm,o=hosting,dc=example,dc=tld" read 
        by * none

access to dn.regex=".*,jvd=([^,]+),o=hosting,dc=example,dc=tld$"\
attr=delete
        by group/jammPostmaster/roleOccupant.regex="cn=postmaster,jvd=\
$1,o=hosting,dc=example,dc=tld" write
        by self read
        by dn.exact="cn=phamm,o=hosting,dc=example,dc=tld" read 
        by * none

access to dn.regex=".*,jvd=([^,]+),o=hosting,dc=example,dc=tld$"\
attr=userPassword
        by self write
        by group/jammPostmaster/roleOccupant.regex="cn=postmaster,jvd=\
$1,o=hosting,dc=example,dc=tld" write
        by anonymous auth
        by * none

access to dn.regex=".*,jvd=([^,]+),o=hosting,dc=example,dc=tld$"\
attr=quota
        by set="user/editAccounts & [TRUE]" write
        by set="user/editAccounts & [FALSE]" read
        by dn.exact="cn=phamm,o=hosting,dc=example,dc=tld" read 
        by self read
        by * none

access to dn.regex="jvd=([^,]+),o=hosting,dc=example,dc=tld$"
        by self write
        by set="user/editAccounts & [TRUE]" write
        by set="user/editAccounts & [FALSE]" read
        by dn.exact="cn=phamm,o=hosting,dc=example,dc=tld" read 
        by * none

# dn.children takes a plain DN, not a regex: a trailing "$" would be part
# of the base DN and the rule would never match, so it is left out here
access to dn.children="o=hosting,dc=example,dc=tld"
        by self write
        by dn.exact="cn=phamm,o=hosting,dc=example,dc=tld" read
        by anonymous auth
        by * none

access to *
        by * none

Thanks all


> p.

-- 
ML <ops@klez.it>
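As an added illustration, not code from this thread or from OpenLDAP itself, here is a small Python model of how slapd evaluates the two "by" clause styles that matter in the ACL above: the set="user/editAccounts & [TRUE]" test on the bound user's own boolean attribute, and the group/jammPostmaster/roleOccupant.regex clause with $1 expanded from the target DN. The directory entries, the admin/bob/carol DNs and the way the ACLs are encoded as data are constructed for the example; uppercasing Boolean values before the intersection models the normalized comparison Pierangelo describes for HEAD, which is why a literal [true] yields an empty set and grants nothing.

```python
import re

BASE = "o=hosting,dc=example,dc=tld"
ADMIN = f"mail=admin@example.com,jvd=example.com,{BASE}"   # constructed DNs
BOB = f"mail=bob@example.com,jvd=example.com,{BASE}"
CAROL = f"mail=carol@other.org,jvd=other.org,{BASE}"
PHAMM = f"cn=phamm,{BASE}"

# Constructed sample directory: one postmaster group for jvd=example.com
# (none for other.org), and three mailbox entries.
ENTRIES = {
    f"cn=postmaster,jvd=example.com,{BASE}": {"objectClass": ["jammPostmaster"],
                                               "roleOccupant": [ADMIN]},
    ADMIN: {"editAccounts": ["TRUE"], "quota": ["50"], "accountActive": ["TRUE"]},
    BOB:   {"editAccounts": ["FALSE"], "quota": ["50"], "accountActive": ["TRUE"]},
    CAROL: {"quota": ["20"], "accountActive": ["TRUE"]},   # no editAccounts at all
}

# The accountActive and quota rules from the post, encoded as
# (target dn.regex, attribute, [(clause kind, argument, level), ...]).
# Clause kinds are self, dn_exact, set, group_regex and any; order matters.
JVD_TARGET = r".*,jvd=([^,]+),o=hosting,dc=example,dc=tld$"
POSTMASTER = r"cn=postmaster,jvd=$1,o=hosting,dc=example,dc=tld"
ACLS = [
    (JVD_TARGET, "accountActive", [("group_regex", POSTMASTER, "write"),
                                   ("self", None, "read"),
                                   ("dn_exact", PHAMM, "read"),
                                   ("any", None, "none")]),
    (JVD_TARGET, "quota", [("set", "user/editAccounts & [TRUE]", "write"),
                           ("set", "user/editAccounts & [FALSE]", "read"),
                           ("dn_exact", PHAMM, "read"),
                           ("self", None, "read"),
                           ("any", None, "none")]),
]


def eval_set(expr, user_entry):
    """Evaluate the only set form used in the thread: user/<attr> & [<literal>].

    user/<attr> is the set of values of <attr> in the bound user's entry and
    & [<literal>] intersects it with {<literal>}; the clause applies when the
    result is non-empty.  Boolean-syntax values are compared in normalized
    (uppercase) form, the literal verbatim, so "[true]" never matches.
    """
    m = re.fullmatch(r"user/(\w+)\s*&\s*\[([^\]]*)\]", expr)
    if m is None:
        raise ValueError(f"unsupported set expression: {expr!r}")
    attr, literal = m.group(1), m.group(2)
    normalized = {v.upper() for v in user_entry.get(attr, [])}  # boolean normalization model
    return bool(normalized & {literal})


def group_member(pattern, target_match, user_dn):
    """group/<oc>/roleOccupant.regex: expand $1 from the target-DN match and
    test whether the bound DN is listed as roleOccupant of that group."""
    group_dn = pattern.replace("$1", target_match.group(1))
    return user_dn in ENTRIES.get(group_dn, {}).get("roleOccupant", [])


def access(target_dn, attr, user_dn):
    """Access level user_dn gets on attr of target_dn: slapd stops at the
    first 'access to' whose target matches, then at the first applicable
    'by' clause; a matching target with no applicable clause denies."""
    for dn_regex, acl_attr, clauses in ACLS:
        m = re.search(dn_regex, target_dn)  # dn.regex is unanchored unless ^/$ given
        if m is None or attr != acl_attr:
            continue
        user_entry = ENTRIES.get(user_dn, {})
        for kind, arg, level in clauses:
            if kind == "self" and user_dn == target_dn:
                return level
            if kind == "dn_exact" and user_dn == arg:
                return level
            if kind == "set" and eval_set(arg, user_entry):
                return level
            if kind == "group_regex" and group_member(arg, m, user_dn):
                return level
            if kind == "any":
                return level
        return "none"
    return "none"


if __name__ == "__main__":
    print(access(BOB, "quota", ADMIN))            # write: admin's editAccounts is TRUE
    print(access(ADMIN, "quota", BOB))            # read: bob's editAccounts is FALSE
    print(access(BOB, "quota", CAROL))            # none: carol has no editAccounts
    print(access(BOB, "accountActive", ADMIN))    # write: admin is postmaster of example.com
    print(access(CAROL, "accountActive", ADMIN))  # none: no postmaster group for other.org
    print(eval_set("user/editAccounts & [true]", ENTRIES[ADMIN]))  # False: literal is not normalized
```

The postmaster clause is scoped per domain by the $1 capture, so the example shows admin writing accountActive for a mailbox in jvd=example.com but not for one in jvd=other.org; the set clauses depend only on the bound user's own entry, which is what lets a single boolean stand in for a group.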