[389-users] ACI Confusion (New to 389 Came from OL):

[Anthony Messina]

On Saturday 25 July 2009 03:54:57 pm John A. Sullivan III wrote:
> Hmm . . . I've never used an ACI swapping attributes as your are (CN for
> UID) but I would think it should work.  Out of curiosity, if you set the
> user's CN = UID and then rewrite the ACI to be ldap://($dn),....., does
> it work?

Thanks for giving a good stab at this, John.  I tried just changing the "cn" 
for a user without changing the dn to read cn=amessina... (currently, 
eGroupWare expects it to read uid=amessina...)  That did not work.

Is it to be expected, then, that one is not able to do something like:

target = ldap://some_attr=($dn)...

userdn = ldap://some_other_attr=($dn)... or
userdn = ldap://some_other_attr=[$dn]...
???

In short, does the ($dn) macro in the target HAVE TO match the whole portion 
between the commas, like "uid=amessina" rather than just "amessina":

Can it do:
target = ldap://cn=($dn),ou=....
or must it be:
target = ldap://($dn),ou=...

> I'm eager to see what more knowledgeable folks have to say.  Good luck -
> John

I'm thinking that I'll be using the ($attr) or userattr methods, but I'm not 
sure how as the access is based on the tree structure, rather than attributes 
of subcomponent entried:

+-ou=messinet.com,ou=egw,dc=messinet,dc=com
| |
| +-ou=accounts
| | +-uid=amessina
| | +-uid=...
| |
| +-ou=groups
| | +-cn=Default
| | +-cn=...
| |
| +ou=contacts
|   |
|   +-ou=shared
|   | +-cn=default
|   | +-cn=...
|   |
|   +-ou=personal
|     +-cn=amessina
|     +-cn=...


-- 
Anthony - http://messinet.com - http://messinet.com/~amessina/gallery
8F89 5E72 8DF0 BCF0 10BE 9967 92DC 35DC B001 4A4E

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 198 bytes
Desc: This is a digitally signed message part.
URL: <http://listman.redhat.com/archives/fedora-directory-users/attachments/20090725/bfc73bb4/attachment.sig>