[Date Prev][Date Next]
[Chronological]
[Thread]
[Top]
Re: Another ACL question about set usage
by set.exact="this/frESPCImail &
([ldap:///]+(([ldap:///dc=espci,dc=fr??one?
(frESPCImanager=]+user+[)])/entryDN+[??one])/entryDN)/rfc822mailbox"
I'm trying to understand that set. There is a first step:
ldap:///dc=espci,dc=fr??one?(frESPCImanager=]+user+[)])/entryDN
That retreive the ou's DN for which the user is a manager.
Why can't we write it that way?
([frESPCImanager=]+user)
Let's call OU_MANAGER the result of the above query. We are left with
that second step:
[ldap:///]+OU_MANAGER+[??one])/entryDN)/rfc822mailbox"
We so perform a query for all users' rfc822mailbox within OU_MANAGER.
Again, why the following would be wrong?
([ou=]+OU_MANAGER+[,dc=espci,dc=fr])/rfc822mailbox
Let's call MANAGED_MAILADDR the result of the above operation, the last
operation is
this/frESPCImail & MANAGED_MAILADDR
That one is obvious to understand, no problem.
--
Emmanuel Dreyfus
http://hcpnet.free.fr/pubz
manu@netbsd.org