Hi Kurt,
I've experienced the same trouble with SETS switching from 2.1.25 to
2.2.23.
I use SETS to decide which entry a user can see an which he can modify.
This is decided by matching attribute values of user and entry for which
the user wants read/write privileges Here is an example of my ACLS that
use SETS clause on openldap 2.1.25:
access to attr=canExecute
by self read
by users set=(this/executeAccessLevel&user/groupAffiliation) read
by users set=(this/executeAccessLevel&user/userPermission) read
by users set=(this/executeAccessLevel&[Everyone]) read
I've found very userful your article in Faq-O-Matic.
I can't find other information about the SETS clause not working in newer
versions of openldap.
So what I'd like to ask is if you or someone else has found a solution to
use SETS in the newer versions of openldap.