[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: problem with sets in 2.2.5 (not in 2.1.25)



--On Tuesday, September 27, 2005 3:38 PM +0200 Giuseppe Milano <g.milano@reitek.com> wrote:

Hi Kurt,

I've experienced the same trouble with SETS switching from 2.1.25 to
2.2.23.

I use SETS to decide which entry a user can see an which he can modify.
This is decided by matching attribute values of user and entry for which
the user wants read/write privileges Here is an example of my ACLS that
use SETS clause on openldap 2.1.25:

access to attr=canExecute
 by self read
 by users set=(this/executeAccessLevel&user/groupAffiliation) read
 by users set=(this/executeAccessLevel&user/userPermission) read
 by users set=(this/executeAccessLevel&[Everyone]) read


I've found very userful your article in Faq-O-Matic.
I can't find other information about the SETS clause not working in newer
versions of openldap.

So what I'd like to ask is if you or someone else has found a solution to
use SETS in the newer versions of openldap.

Pierangelo is the one who generally works on sets. Have you tried in OpenLDAP 2.3.7? The set statements in my ACL's currently work correctly.

   by set.exact="this/uid & user/uid" sasl_ssf=56 read

is what I have. It makes me wonder if you need some spaces in your set statement, and it also looks like you may need to read the updated documentation on sets.

--Quanah

--
Quanah Gibson-Mount
Principal Software Developer
ITSS/Shared Services
Stanford University
GnuPG Public Key: http://www.stanford.edu/~quanah/pgp.html

"These censorship operations against schools and libraries are stronger
than ever in the present religio-political climate. They often focus on
fantasy and sf books, which foster that deadly enemy to bigotry and blind
faith, the imagination." -- Ursula K. Le Guin