
control continue on ACL



hello,

If I understand correctly, ACLs work as first match, then stop!
I want bound users and anonymous to read the sn & givenName attributes (plus others ...)


access to attr=uid,objectclass,entry,ou,automountInformation,sn,cn,givenName,mail
by dn="cn=admin,dc=int-evry,dc=fr" write
by dn="cn=replicator,ou=System,dc=int-evry,dc=fr" write
by users read
by anonymous read


Then, later on in the ACL list, I want the RH group to have write access to those 2 attributes (sn & givenName).

access to
       attrs=employeeType,title,departmentNumber,givenName,sn,secretary
       by group="cn=RH,ou=Groups,dc=int-evry,dc=fr" write
       by dn.exact="cn=admin,dc=int-evry,dc=fr" write
       by dn.exact="cn=replicator,ou=System,dc=int-evry,dc=fr" write
       by users read

However, as my bound users get matched in the first rule (as users, I suppose), the ACL parser never gets to this latest "by group="cn=RH,ou=Groups,dc=int-evry,dc=fr" write" :-( .

I don't want to move that latest ACL before the first one, so I tried putting "by users read continue" in the first one, but I still cannot get write access to sn & gn. Worse, I cannot even read lots of things afterwards (maybe entry is disallowed?). Where does "continue" go: to the next "by anonymous read", to the next "access to ...", or somewhere else?

Any advice?

thanks.
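
The control keywords asked about above, as an added example that is not part of the original post: a simplified Python model of slapd's evaluation as documented in slapd.access(5), where `stop` (the default) ends checking, `continue` moves on to later `by` clauses of the same `access to`, and `break` moves on to later `access to` clauses matching the same target. The function names, the `uid=alice` user and the assumption that the list holds only the two clauses shown are constructed for illustration; only level forms (`read`, `write`, `none`) are modelled.

```python
# Added example: simplified model of slapd "access to" / "by" evaluation.
# Level forms only (no +/- privilege forms); DN matching is plain string equality.
BASE = "dc=int-evry,dc=fr"
ADMIN = "dn=cn=admin," + BASE
REPL = "dn=cn=replicator,ou=System," + BASE
RH_GROUP = "cn=RH,ou=Groups," + BASE
IMPLICIT = ("*", "none", "stop")  # every "access to" ends with an implicit "by * none stop"

def who_matches(who, subject):
    """subject: {'dn': bound DN or None for anonymous, 'groups': set of group DNs}."""
    kind, _, value = who.partition("=")
    if who == "*":
        return True
    if who == "anonymous":
        return subject["dn"] is None
    if who == "users":
        return subject["dn"] is not None
    if kind == "dn":
        return subject["dn"] == value
    if kind == "group":
        return value in subject["groups"]
    raise ValueError("unsupported <who>: " + who)

def effective_access(acl, attr, subject):
    for attrs, by_clauses in acl:              # "access to" clauses, in file order
        if attr not in attrs:
            continue
        # A level form assigns (it does not add), so the result of this clause is
        # the level of the first matching "by" whose control is not "continue".
        for who, level, control in by_clauses + [IMPLICIT]:
            if who_matches(who, subject) and control != "continue":
                break
        if control == "stop":
            return level
        # control == "break": go on to a later "access to" that matches attr
    return "none"                              # implicit final "access to * by * none"

def poster_acl(users_control):
    """The two clauses from the post; users_control is the keyword after 'by users read'."""
    rule1 = ({"uid", "objectclass", "entry", "ou", "automountInformation",
              "sn", "cn", "givenName", "mail"},
             [(ADMIN, "write", "stop"), (REPL, "write", "stop"),
              ("users", "read", users_control), ("anonymous", "read", "stop")])
    rule2 = ({"employeeType", "title", "departmentNumber", "givenName", "sn", "secretary"},
             [("group=" + RH_GROUP, "write", "stop"), (ADMIN, "write", "stop"),
              (REPL, "write", "stop"), ("users", "read", "stop")])
    return [rule1, rule2]

RH_USER = {"dn": "uid=alice,ou=People," + BASE, "groups": {RH_GROUP}}  # constructed
ANON = {"dn": None, "groups": set()}
```

In this model `continue` falls through to the implicit `by * none`, which also removes read on `entry`, while `break` reaches the RH clause for `sn` but leaves attributes such as `mail` with no later matching clause.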