Hello
How can I specify that a set of users that have some attribute value set can modify an object?
For instance, if I want users that march &(a1=v1)(a2=v2)(a3=v3), I can write this:
access to ... by set.exact="user/a1 + user/a2 + user/a3 & [v1v2v3]" write
I would bet money there is an easier way. Any suggestion?
Emmanuel Dreyfus writes:
For instance, if I want users that march &(a1=v1)(a2=v2)(a3=v3), I can write this:
access to ... by set.exact="user/a1 + user/a2 + user/a3 & [v1v2v3]" write
"by" takes multiple expressions and "and"s them, so this should work:
access to ... by set.exact="user/a1 & [v1]" set.exact="user/a2 & [v2]" set.exact="user/a3 & [v3]" read
Note - one "by", not three.
Hallvard B Furuseth wrote:
Emmanuel Dreyfus writes:
For instance, if I want users that march &(a1=v1)(a2=v2)(a3=v3), I can write this:
access to ... by set.exact="user/a1 + user/a2 + user/a3 & [v1v2v3]" write
"by" takes multiple expressions and "and"s them,
... but only of different type; in fact, the related structure allows exactly one instance of each type of "by".
so this should work:
access to ... by set.exact="user/a1 & [v1]" set.exact="user/a2 & [v2]" set.exact="user/a3 & [v3]" read
Note - one "by", not three.
p.
Ing. Pierangelo Masarati OpenLDAP Core Team
SysNet s.r.l. via Dossi, 8 - 27100 Pavia - ITALIA http://www.sys-net.it ----------------------------------- Office: +39 02 23998309 Mobile: +39 333 4963172 Fax: +39 0382 476497 Email: ando@sys-net.it -----------------------------------
openldap-software@openldap.org
-
Emmanuel Dreyfus -
Hallvard B Furuseth -
Pierangelo Masarati