[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: ACL's and dynlist confusion

To: Howard Chu <hyc@symas.com>
Subject: Re: ACL's and dynlist confusion
From: Ski Kacoroski <ckacoroski@nsd.org>
Date: Mon, 24 Jul 2006 12:24:41 -0700
Cc: OpenLDAP-software@OpenLDAP.org
In-reply-to: <44C516DB.6090601@symas.com>
References: <44C15945.1050506@nsd.org> <44C16D1E.6050900@symas.com> <44C50283.30808@nsd.org> <44C516DB.6090601@symas.com>
User-agent: Thunderbird 1.5.0.4 (X11/20060516)

Howard Chu wrote:

1. Changed ACL to: access to * by group/nsdGroupOfMemberURLs/member="cn=LdapAdmins,ou=Groups,dc=nsd,dc= org" write by * none

To get slapd to start, I had to change the schema definition to include member as an attribute so I am pretty sure this is not correct.
Since it appears you're trying to use a dynamic group, you should have used memberURL not member.
I also saw a brief message where you suggested using the set statement instead of groups because it would be more efficient, but could not get that to work either.
I would never have said any such thing. Sets are notoriously *in*efficient.

Hmm, I obviously misread the post. Thanks for the pointer to use memberURL. That works perfectly. Once I get this thing set up I plan to write up a FAQ.

cheers,

skik

--
"When we try to pick out anything by itself, we find it
 connected to the entire universe"            John Muir

Chris "Ski" Kacoroski, ski@nsd.org, 206-501-9803

Follow-Ups:
- Re: ACL's and dynlist confusion
  - From: Alexander Samad <alex@samad.com.au>

References:
- ACL's and dynlist confusion
  - From: Ski Kacoroski <ckacoroski@nsd.org>
- Re: ACL's and dynlist confusion
  - From: Howard Chu <hyc@symas.com>
- Re: ACL's and dynlist confusion
  - From: Ski Kacoroski <ckacoroski@nsd.org>
- Re: ACL's and dynlist confusion
  - From: Howard Chu <hyc@symas.com>

Prev by Date: Re: ACL's and dynlist confusion
Next by Date: Re: DN manipulation
Index(es):
- Chronological
- Thread