Am Dienstag 02 November 2010, 16:57:38 schrieb Benjamin Griese: > Hello Ralf, > > nice to know that someone from Novell is reading here, too. > > Currently I have opened up a Service Request regarding this topic at > Novells Suport Center and pointed that out as a Feature Request but > also as problem I and other people have and are lookinf for a > workaround. The feature request is regarding build the overlays as dynamic modules, I guess? Yes that's something we are looking into as well. But for this special SSS/VLV issue there is already a fix in CVS which I we will most probably include in our packages. Changing from static overlays to dynamic overlays is unlikely to happen during the SLES11 timeframe I think (but we are getting off topic ...) > Too bad I am really low experienced in building complex ACLs to filter > stuff like this, maybe someone else is able to help us (James and me) > to workaround that problem. Something like this should work:
access to dn.base="" attrs=supportedControl val/objectIdentifierMatch=1.2.840.113556.1.4.473 by * none access to dn.base="" attrs=supportedControl val/objectIdentifierMatch=2.16.840.1.113730.3.4.9 by * none I just found out however that there seems to be a bug in the ACL code when the above ACL appear as the first ACL in the configuration :(. I am still trying to track down that problem. So please make sure to have another ACL before them (one that doesn't apply to the "supportedControl" Attribute of course). > I'll give it a shot and let you know if it's working or not. :) Good luck. Ralf -- SUSE LINUX Products GmbH, GF: Markus Rex, HRB 16746 (AG Nuernberg)
