Hello again,Since the LDAP attribute spec (RFC4512) doesn't appear to support enumerated types (probably for a good reason) I wanted to see whether this could be imitated using OpenLDAP's access control mechanisms.
I have a custom attribute "transactionCenterAccountStatus" which should only have values "active", "suspended" or "closed".
So I opened slapd.conf and defined the line
access to attrs=transactionCenterAccountStatus
val.regex="active|suspended|closed"
by set="user/transactionCenterRole & [admin]" write
by * read
The "slaptest" command didn't complain, so then I restarted slapd. But
when I login as the designated user and try to set the attribute to one
of the three values I keep getting error 50 - "Insufficient access
rights". Clearly, I must be missing something, but I can't see what? :)
Vlad -- Vladimir Dzhuvinov * www.valan.net * PGP key ID AC9A5C6C
signature.asc
Description: OpenPGP digital signature
