Re: set syntax on acl
On Wed, 29-12-2004 at 15:25 +0100, Pierangelo Masarati wrote:
> > editAccounts is a boolean attribute from jamm.schema
> > But it doesn't work with TRUE; I will test it with the last stable
> > version and I will report the result here
> > Because my goal is to use a boolean to declare whether someone can write or
> > not in some children without using a group.
>
> I just recompiled 2.1.30 (re21 from CVS, should be exactly the same), with
>
> attributeType ( 0.1.2.3.4.5.6.7.8.9 NAME 'editAccount'
> DESC 'test'
> SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 )
>
> and
>
> access to *
>         by set="user/editAccount & [true]" read
>         by * auth
>
> I added three entries, one with editAccount set to "TRUE", one with
> editAccount set to "FALSE" and the other without editAccount. The one
> with editAccount set to TRUE can search the directory, the others just
> can't. I suspect you're doing something different elsewhere, or the above
> ACL is not even reached. You should see with loglevel set to 128 (ACL)
> what's going on.
>
> Note that with HEAD code you need to use the __normalized__ value, i.e.
> you need to use "TRUE" in uppercase form:
>
> access to *
>         by set="user/editAccount & [TRUE]" read
>         by * auth
Thanks for everything. I rewrote all the ACLs step by step; I don't know if there
was some mistake or some strange characters in the old file (probably in
my brain :) ), but now it works.
I work on Debian testing on a PowerBook and the version of slapd is
2.1.30-3; the other software is:
ldap-utils 2.1.30-3
ldapdiff 0.9.2-1
libldap2 2.1.30-3
My ACL is now as follows and it WORKS!!
access to dn.regex=".*,jvd=([^,]+),o=hosting,dc=example,dc=tld$"\
        attr=amavisBypassVirusChecks
        by self read
        by group/jammPostmaster/roleOccupant.regex="cn=postmaster,jvd=\
$1,o=hosting,dc=example,dc=tld" read
        by dn.exact="cn=phamm,o=hosting,dc=example,dc=tld" read
        by * none
access to dn.regex=".*,jvd=([^,]+),o=hosting,dc=example,dc=tld$"\
        attr=amavisBypassSpamChecks
        by group/jammPostmaster/roleOccupant.regex="cn=postmaster,jvd=\
$1,o=hosting,dc=example,dc=tld" write
        by self read
        by dn.exact="cn=phamm,o=hosting,dc=example,dc=tld" read
        by * none
access to dn.regex=".*,jvd=([^,]+),o=hosting,dc=example,dc=tld$"\
        attr=accountActive
        by group/jammPostmaster/roleOccupant.regex="cn=postmaster,jvd=\
$1,o=hosting,dc=example,dc=tld" write
        by self read
        by dn.exact="cn=phamm,o=hosting,dc=example,dc=tld" read
        by * none
access to dn.regex=".*,jvd=([^,]+),o=hosting,dc=example,dc=tld$"\
        attr=delete
        by group/jammPostmaster/roleOccupant.regex="cn=postmaster,jvd=\
$1,o=hosting,dc=example,dc=tld" write
        by self read
        by dn.exact="cn=phamm,o=hosting,dc=example,dc=tld" read
        by * none
access to dn.regex=".*,jvd=([^,]+),o=hosting,dc=example,dc=tld$"\
        attr=userPassword
        by self write
        by group/jammPostmaster/roleOccupant.regex="cn=postmaster,jvd=\
$1,o=hosting,dc=example,dc=tld" write
        by anonymous auth
        by * none
access to dn.regex=".*,jvd=([^,]+),o=hosting,dc=example,dc=tld$"\
        attr=quota
        by set="user/editAccounts & [TRUE]" write
        by set="user/editAccounts & [FALSE]" read
        by dn.exact="cn=phamm,o=hosting,dc=example,dc=tld" read
        by self read
        by * none
access to dn.regex="jvd=([^,]+),o=hosting,dc=example,dc=tld$"
        by self write
        by set="user/editAccounts & [TRUE]" write
        by set="user/editAccounts & [FALSE]" read
        by dn.exact="cn=phamm,o=hosting,dc=example,dc=tld" read
        by * none
access to dn.children="o=hosting,dc=example,dc=tld$"
        by self write
        by dn.exact="cn=phamm,o=hosting,dc=example,dc=tld" read
        by anonymous auth
        by * none
access to *
        by * none
Thanks all
> p.
--
ML <ops@klez.it>
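
The set clause from the quoted reply, as an added example (Python, not part of the original thread and not OpenLDAP code): a simplified model of how `user/editAccount & [TRUE]` is matched for the three test entries, and why the case of the literal matters. The DNs, the function names and the case-insensitive approximation of the 2.1.30 behaviour are assumptions.

```python
import re

# Constructed sample entries: the three test cases described in the quoted reply.
ENTRIES = {
    "cn=alice,o=test": {"editAccount": ["TRUE"]},
    "cn=bob,o=test": {"editAccount": ["FALSE"]},
    "cn=carol,o=test": {},  # no editAccount attribute at all
}
# The rule from the quoted reply: (who, access level), evaluated top to bottom.
ACL = [("user/editAccount & [TRUE]", "read"), ("*", "auth")]
SET_RE = re.compile(r"^user/(?P<attr>[A-Za-z][\w-]*)\s*&\s*\[(?P<lit>[^\]]*)\]$")


def set_matches(expr, user_dn, normalized_compare=True):
    """True if `user/<attr> & [<literal>]` yields a non-empty set for user_dn.

    normalized_compare=True models the HEAD behaviour from the thread: the
    literal is compared as written against the normalized stored value.
    False models the 2.1.30 test, where [true] also matched; it is
    approximated here as a case-insensitive comparison (assumption).
    """
    m = SET_RE.match(expr.strip())
    if m is None:
        raise ValueError("only the form user/<attr> & [<literal>] is modelled")
    if user_dn is None:  # anonymous bind: there is no user entry to read
        return False
    values = set(ENTRIES.get(user_dn, {}).get(m["attr"], []))
    literal = {m["lit"]}
    if not normalized_compare:
        values = {v.upper() for v in values}
        literal = {v.upper() for v in literal}
    # '&' is set intersection; the clause matches when the result is non-empty.
    return bool(values & literal)


def access(acl, user_dn, **kw):
    """Return the level of the first matching `by` clause; later ones are ignored."""
    for who, level in acl:
        if who == "*" or set_matches(who, user_dn, **kw):
            return level
    return "none"  # no clause matched: implicit `by * none`
```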