--On Tuesday, September 27, 2005 3:38 PM +0200 Giuseppe Milano
<[EMAIL PROTECTED]> wrote:
Hi Kurt,
I've experienced the same trouble with SETS switching from 2.1.25 to
2.2.23.
I use SETS to decide which entry a user can see and which he can modify.
This is decided by matching attribute values of user and entry for which
the user wants read/write privileges. Here is an example of my ACLs that
use SETS clause on openldap 2.1.25:

access to attr=canExecute
        by self read
        by users set=(this/executeAccessLevel&user/groupAffiliation) read
        by users set=(this/executeAccessLevel&user/userPermission) read
        by users set=(this/executeAccessLevel&[Everyone]) read

I've found your article in Faq-O-Matic very useful.
I can't find other information about the SETS clause not working in newer
versions of openldap.
So what I'd like to ask is if you or someone else has found a solution to
use SETS in the newer versions of openldap.
Pierangelo is the one who generally works on sets. Have you tried in
OpenLDAP 2.3.7? The set statements in my ACLs currently work correctly.

        by set.exact="this/uid & user/uid" sasl_ssf=56 read

is what I have. It makes me wonder if you need some spaces in your set
statement, and it also looks like you may need to read the updated
documentation on sets.
--Quanah
--
Quanah Gibson-Mount
Principal Software Developer
ITSS/Shared Services
Stanford University
GnuPG Public Key: http://www.stanford.edu/~quanah/pgp.html
"These censorship operations against schools and libraries are stronger
than ever in the present religio-political climate. They often focus on
fantasy and sf books, which foster that deadly enemy to bigotry and blind
faith, the imagination." -- Ursula K. Le Guin