Giuseppe Milano wrote:
Hi to all,
Ok, ACL SETS seems to work fine in normal conditions but i can't understand why
in some cases they differ form older versions of openldap.
For example I can't understand why acl and sets fail in this condition:
My ACL is:
access to dn.regex="^ou=(.+),ou=x2x,dc=intesa,dc=it"
by users set=(user/x2xTenant&[$1]) read
when i search for "ou=all,ou=x2x,dc=intesa,dc=it" with user
"cn=anastacia,ou=People,ou=all,ou=x2x,dc=intesa,dc=it" no entry was returned.
In 2.1 the set style defaulted to regex, in 2.2 it defaults to exact. So
you need to explicitly specify
by users set.regex=(user/x2xTenant&[$1]) read
to get this working in 2.2.
By the way, 2.2.28 is the latest 2.2 release. Since you're upgrading
anyway, you definitely should not be using something as old as 2.2.5.
--
-- Howard Chu
Chief Architect, Symas Corp. http://www.symas.com
Director, Highland Sun http://highlandsun.com/hyc
OpenLDAP Core Team http://www.openldap.org/project/
