[Date Prev][Date Next] [Chronological] [Thread] [Top]

val/integerMatch="0"



HI!

Maybe I'm doing something obviously wrong but I don't see it.

I want to limit the right to reset a counter value solely to zero with this
ACL directive:

add_content_acl yes
[..]
access to
  dn.subtree="ou=ae-dir"
  filter="(aeStatus=0)"
  attrs=oathHOTPCounter
  val/integerMatch="0"
    by group/aeGroup/member="cn=2fa admins,cn=2fa,ou=ae-dir" write
    by * break
[..]

The modify request looks like this (old value is 10):

dn: serialNumber=yubikey-23,cn=2fa,ou=ae-dir
changetype: modify
replace: oathHOTPCounter
oathHOTPCounter: 0
-

It seems the ACL does not trigger, without the val= part the modification is
allowed (but to any value). I also tried other forms:

  val="0"
  val=0
  val.regex="^0$"

Can somebody help me? Thanks in advance.

Ciao, Michael.

Attachment: smime.p7s
Description: S/MIME Cryptographic Signature