[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: working whith sets



It's actually relatively simple

access to dn.subtree="ou=people,dc=domain"
  filter="(personRole=staff)"
  by set="user/personRole & [admin]" write

that should work just fine.

One of the reasons this likely doesn't work is
by set="( this/personRole & [staff]  ) & ( user/personRole &
([admin]|[bofh]) )" write

because the & operator is used just like it would be in a binary
operation, not in a logical one. So it determines entries that are in
both the left and right set so what you end up with is a set comparison
like this:

(staff) & (admin|bofh)

Obviously those will never contain the same members and the & operator
will cause an empty list to be returned which is false in sets.

On Thu, 2005-03-17 at 12:40 +0100, José M. Fandiño wrote:
> Dear friends,
> 
> How I can permit write access to entries with an attribute 
> value by others with other attribute value.
>  
> i.e:
> 
> permit write access to entries with a "staff" role by
> entries with an "admin" role.
> 
> access to dn.subtree="ou=people,dc=domain"
>    by set="( this/personRole & [staff]  ) & ( user/personRole & ([admin]|[bofh]) )" write
> 
> I did several tests but none of them worked.
> 
> is it possible with sets?
> 
> Thank you.