Re: problem with sets in 2.2.5 (not in 2.1.25)
On Tue, 2005-09-27 at 13:25 -0700, Quanah Gibson-Mount wrote:
>
> --On Tuesday, September 27, 2005 3:38 PM +0200 Giuseppe Milano
> <g.milano@reitek.com> wrote:
>
> > Hi Kurt,
> >
> > I've experienced the same trouble with SETS switching from 2.1.25 to
> > 2.2.23.
> >
> > I use SETS to decide which entry a user can see and which he can modify.
> > This is decided by matching attribute values of user and entry for which
> > the user wants read/write privileges. Here is an example of my ACLS that
> > use SETS clause on openldap 2.1.25:
> >
> > access to attr=canExecute
> > by self read
> > by users set=(this/executeAccessLevel&user/groupAffiliation) read
> > by users set=(this/executeAccessLevel&user/userPermission) read
> > by users set=(this/executeAccessLevel&[Everyone]) read
> >
> >
> > I've found your article in Faq-O-Matic very useful.
> > I can't find other information about the SETS clause not working in newer
> > versions of openldap.
> >
> > So what I'd like to ask is if you or someone else has found a solution to
> > use SETS in the newer versions of openldap.
>
> Pierangelo is the one who generally works on sets. Have you tried in
> OpenLDAP 2.3.7? The set statements in my ACL's currently work correctly.
>
> by set.exact="this/uid & user/uid" sasl_ssf=56 read
>
> is what I have. It makes me wonder if you need some spaces in your set
> statement, and it also looks like you may need to read the updated
> documentation on sets.
No; they look just fine, and work as expected in HEAD. I note a few
issues were fixed in 2.2.12 and 2.2.16 according to the changelog;
there might have been other changes, not directly related to sets, that
are not logged. I'd carefully look at logs with -d 64 (config) and -d
128 (acl) to see what happens when the sets are parsed and then used.
p.
SysNet - via Dossi,8 27100 Pavia Tel: +390382573859 Fax: +390382476497
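
Added example, not part of the original thread and not OpenLDAP code: a simplified Python model of how the three `set=` clauses in the quoted ACL are expected to evaluate, useful as a reference when reading the `-d 128` ACL log. The function names (`eval_set`, `first_match`), the sample user and entries, and the evaluation rules stated in the comments are assumptions made for illustration.

```python
import re

# Simplified model, not OpenLDAP code. Assumptions: operands are this/attr,
# user/attr or [literal]; & and | apply left to right; values and attribute
# names compare as exact strings; a non-empty result means the clause matches.
TOKEN = re.compile(r"\s*(this/[\w-]+|user/[\w-]+|\[[^\]]*\]|[&|])")

def tokenize(expr):
    expr = expr.strip()
    if expr.startswith("(") and expr.endswith(")"):
        expr = expr[1:-1].strip()
    tokens, pos = [], 0
    while pos < len(expr):
        m = TOKEN.match(expr, pos)
        if not m:
            raise ValueError(f"cannot parse set at offset {pos}: {expr!r}")
        tokens.append(m.group(1))
        pos = m.end()
    if len(tokens) % 2 == 0 or any((t in "&|") != (i % 2 == 1) for i, t in enumerate(tokens)):
        raise ValueError(f"malformed set: {expr!r}")
    return tokens

def resolve(tok, this_entry, user_entry):
    if tok.startswith("["):
        return {tok[1:-1]}                      # [literal] is a one-value set
    scope, attr = tok.split("/", 1)
    return set((this_entry if scope == "this" else user_entry).get(attr, []))

def eval_set(expr, this_entry, user_entry):
    tokens = tokenize(expr)
    result = resolve(tokens[0], this_entry, user_entry)
    for op, tok in zip(tokens[1::2], tokens[2::2]):
        rhs = resolve(tok, this_entry, user_entry)
        result = result & rhs if op == "&" else result | rhs
    return result

# The three set clauses of the ACL quoted in the thread, in order.
CLAUSES = ["(this/executeAccessLevel&user/groupAffiliation)",
           "(this/executeAccessLevel&user/userPermission)",
           "(this/executeAccessLevel&[Everyone])"]

def first_match(this_entry, user_entry):
    return next((c for c in CLAUSES if eval_set(c, this_entry, user_entry)), None)

# Constructed sample data: one user and three target entries.
USER = {"groupAffiliation": ["dev"], "userPermission": ["ops"]}
ENTRIES = {"ops": {"executeAccessLevel": ["ops"]},
           "public": {"executeAccessLevel": ["Everyone"]},
           "admin": {"executeAccessLevel": ["admin"]}}
```

With the sample data, the `ops` entry is matched by the second clause, the `public` entry by the `[Everyone]` clause, and the `admin` entry by none, which corresponds to no read access from these clauses.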