[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: Another ACL question about set usage



    by set.exact="this/frESPCImail &
([ldap:///]+(([ldap:///dc=espci,dc=fr??one?
(frESPCImanager=]+user+[)])/entryDN+[??one])/entryDN)/rfc822mailbox"

I'm trying to understand that set. There is a first step:
ldap:///dc=espci,dc=fr??one?(frESPCImanager=]+user+[)])/entryDN

That retreive the ou's DN for which the user is a manager.
Why can't we write it that way?
([frESPCImanager=]+user)


Let's call OU_MANAGER the result of the above query. We are left with
that second step:

[ldap:///]+OU_MANAGER+[??one])/entryDN)/rfc822mailbox"

We so perform a query for all users' rfc822mailbox within OU_MANAGER.
Again, why the following would be wrong?
([ou=]+OU_MANAGER+[,dc=espci,dc=fr])/rfc822mailbox


Let's call MANAGED_MAILADDR the result of the above operation, the last
operation is 
this/frESPCImail & MANAGED_MAILADDR

That one is obvious to understand, no problem.

-- 
Emmanuel Dreyfus
http://hcpnet.free.fr/pubz
manu@netbsd.org