control continue on ACL
Hello,
If I understand correctly, ACLs work as first match, then stop!
I want bound users and anonymous to read the sn & givenName attributes (plus
others ...)
access to attr=uid,objectclass,entry,ou,automountInformation,sn,cn,givenName,mail
    by dn="cn=admin,dc=int-evry,dc=fr" write
    by dn="cn=replicator,ou=System,dc=int-evry,dc=fr" write
    by users read
    by anonymous read
Then, later on in the ACL list, I want the RH group to have write access
to those 2 attributes (sn & givenName).
access to attrs=employeeType,title,departmentNumber,givenName,sn,secretary
    by group="cn=RH,ou=Groups,dc=int-evry,dc=fr" write
    by dn.exact="cn=admin,dc=int-evry,dc=fr" write
    by dn.exact="cn=replicator,ou=System,dc=int-evry,dc=fr" write
    by users read
However, as my bound users get matched in the first rule (as users, I
suppose), the ACL parser never gets to this latest "by
group="cn=RH,ou=Groups,dc=int-evry,dc=fr" write" :-( .
I don't want to move that latest ACL before the 1st one, so I tried in
the 1st one to put "by users read continue", but I still cannot have
write access to sn & gn; worse, I cannot even read lots of things next
(entry is disallowed maybe?). Where does "continue" go? To the next "by
anonymous read", or to the next "access to ...", or somewhere else?
Any advice?
thanks.
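
Added example, not part of the original post: a small Python model of the stop/continue/break controls as slapd.access(5) describes them, evaluated over the two access clauses quoted above. The requester DNs and all function names are constructed for illustration; only these two clauses are modelled, and access levels are treated as plain assignments.

```python
# Simplified model of the slapd.access(5) <control> flow. Levels are treated
# as plain assignments (none/read/write), not +/- privilege masks.
ADMIN = "cn=admin,dc=int-evry,dc=fr"
REPL = "cn=replicator,ou=System,dc=int-evry,dc=fr"
RH = "cn=RH,ou=Groups,dc=int-evry,dc=fr"

def who_matches(who, req):
    kind, _, value = who.partition("=")
    if kind == "users":
        return req["dn"] is not None        # any authenticated identity
    if kind == "anonymous":
        return req["dn"] is None
    if kind == "dn":
        return req["dn"] == value
    return kind == "group" and value in req["groups"]

def evaluate(rules, req, attr):
    for attrs, by_clauses in rules:         # clauses are tried in file order
        if attr not in attrs:
            continue
        level, control = "none", "stop"     # implicit trailing "by * none stop"
        for who, lvl, ctl in by_clauses:    # a matching "continue" scans on
            if who_matches(who, req) and ctl != "continue":
                level, control = lvl, ctl
                break
        if control == "stop":
            return level                    # "break" falls to the next clause
    return "none"                           # no clause left: access denied

def rules(users_control):
    """The two clauses from the post; only 'by users' in the first one varies."""
    first = "uid objectclass entry ou automountInformation sn cn givenName mail"
    second = "employeeType title departmentNumber givenName sn secretary"
    return [
        (set(first.split()), [("dn=" + ADMIN, "write", "stop"),
                              ("dn=" + REPL, "write", "stop"),
                              ("users", "read", users_control),
                              ("anonymous", "read", "stop")]),
        (set(second.split()), [("group=" + RH, "write", "stop"),
                               ("dn=" + ADMIN, "write", "stop"),
                               ("dn=" + REPL, "write", "stop"),
                               ("users", "read", "stop")]),
    ]

# Constructed requesters (hypothetical DNs, not from the post).
RH_MEMBER = {"dn": "uid=hr1,ou=People,dc=int-evry,dc=fr", "groups": {RH}}
PLAIN = {"dn": "uid=user1,ou=People,dc=int-evry,dc=fr", "groups": set()}
ANON = {"dn": None, "groups": set()}
for ctl in ("stop", "continue", "break"):   # RH member on sn, then on uid
    print(ctl, evaluate(rules(ctl), RH_MEMBER, "sn"), evaluate(rules(ctl), RH_MEMBER, "uid"))
```

In this model "continue" only moves to the remaining "by" lines of the same clause and then hits the implicit "by * none", while "break" moves to the next clause listing the attribute, so attributes that no later clause covers (uid, entry) end up denied.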