[Date Prev][Date Next]
[Chronological]
[Thread]
[Top]
Re: working whith sets
It's actually relatively simple
access to dn.subtree="ou=people,dc=domain"
filter="(personRole=staff)"
by set="user/personRole & [admin]" write
that should work just fine.
One of the reasons this likely doesn't work is
by set="( this/personRole & [staff] ) & ( user/personRole &
([admin]|[bofh]) )" write
because the & operator is used just like it would be in a binary
operation, not in a logical one. So it determines entries that are in
both the left and right set so what you end up with is a set comparison
like this:
(staff) & (admin|bofh)
Obviously those will never contain the same members and the & operator
will cause an empty list to be returned which is false in sets.
On Thu, 2005-03-17 at 12:40 +0100, José M. Fandiño wrote:
> Dear friends,
>
> How I can permit write access to entries with an attribute
> value by others with other attribute value.
>
> i.e:
>
> permit write access to entries with a "staff" role by
> entries with an "admin" role.
>
> access to dn.subtree="ou=people,dc=domain"
> by set="( this/personRole & [staff] ) & ( user/personRole & ([admin]|[bofh]) )" write
>
> I did several tests but none of them worked.
>
> is it possible with sets?
>
> Thank you.