[389-users] ACI Confusion (New to 389 Came from OL):

Anthony Messina amessina at messinet.com
Sun Jul 26 05:00:53 UTC 2009


On Saturday 25 July 2009 06:17:27 pm John A. Sullivan III wrote:
> As I mentioned, I've never tried it using just the value and swapping
> attributes.  I would expect it would work.  We have used variable
> substitution very successfully in some quite complex ACIs.  
>
> (target = "ldap:///($dn),o=internal,dc=ssiservices,dc=biz")(targetattr !
> = "sambaLMPassword || sambaNTPassword || userPassword") (version 3.0;acl
> "Client Internal Directory Searcher";allow (read,compare,search)(userdn
> = "ldap:///uid=*dsearcher, [$dn],o=sysaccounts,dc=ssiservices,dc=biz");)
>
> I would have thought what you were doing would work just as you
> described.  The biggest problem we have faced is not being able to use
> wildcards in groupdn although we can in userdn.
>
> I can say that using the complete attribute does work as advertised.
> Hopefully the gurus will return to the list soon! I'd like to know why
> what you have proposed doesn't work.  Good luck - John

<more snippage>

I have gotten much closer.  I think I'll need to tighten them up a bit 
(parents/children/etc), but here's where I got so far...

http://messinet.com/trac/egw/browser/README.389DS

Thanks for your help.  If you think of anything else, let me know.  I surely 
wouldn't call this solved.  -A

-- 
Anthony - http://messinet.com - http://messinet.com/~amessina/gallery
8F89 5E72 8DF0 BCF0 10BE 9967 92DC 35DC B001 4A4E
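
An added illustration, not part of the original message and not 389 DS code: a simplified Python model of how the macros in the ACI quoted above resolve, following the documented macro ACI behaviour (`($dn)` takes the matched part of the target entry's DN; `[$dn]` is tried repeatedly with leftmost RDNs dropped). The DNs under o=clientA and o=clientB are constructed, the function names are hypothetical, and the handling of `*` is an assumption noted in the code.

```python
import re

# Macro-bearing parts of the ACI quoted in the message above.
TARGET = "($dn),o=internal,dc=ssiservices,dc=biz"
USERDN = "uid=*dsearcher, [$dn],o=sysaccounts,dc=ssiservices,dc=biz"

# Constructed sample DNs (o=clientA / o=clientB are assumptions, not from the thread).
ENTRY = "uid=jdoe,ou=people,o=clientA,o=internal,dc=ssiservices,dc=biz"
SEARCHER_A = "uid=clientAdsearcher,o=clientA,o=sysaccounts,dc=ssiservices,dc=biz"
SEARCHER_B = "uid=clientBdsearcher,o=clientB,o=sysaccounts,dc=ssiservices,dc=biz"


def norm(dn):
    """Lower-case a DN and strip spaces around RDN separators (no escaped commas)."""
    return ",".join(rdn.strip().lower() for rdn in dn.split(","))


def match_target(target, entry_dn):
    """Return the value ($dn) takes for entry_dn, or None if the target does not apply."""
    prefix, suffix = norm(target).split("($dn)")
    entry = norm(entry_dn)
    if len(entry) <= len(prefix) + len(suffix):
        return None
    if not (entry.startswith(prefix) and entry.endswith(suffix)):
        return None
    return entry[len(prefix):len(entry) - len(suffix)]


def expand_subject(subject, value):
    """Substitute ($dn) whole; try [$dn] with leftmost RDNs dropped one at a time."""
    subject = norm(subject).replace("($dn)", value)
    rdns = value.split(",")
    return [subject.replace("[$dn]", ",".join(rdns[i:])) for i in range(len(rdns))]


def allowed(bind_dn, entry_dn, target=TARGET, subject=USERDN):
    """True if the bind DN satisfies the userdn rule for this target entry."""
    value = match_target(target, entry_dn)
    if value is None:
        return False
    for pattern in expand_subject(subject, value):
        # Assumption of this sketch: '*' does not cross an RDN boundary.
        regex = re.escape(pattern).replace(r"\*", "[^,]*")
        if re.fullmatch(regex, norm(bind_dn)):
            return True
    return False


if __name__ == "__main__":
    print(allowed(SEARCHER_A, ENTRY), allowed(SEARCHER_B, ENTRY))  # True False
```

Only the third expansion of `[$dn]` (o=clientA) lines up with a searcher account, which is what keeps one client's searcher from reading another client's subtree.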
