I'm setting up an OpenLDAP server for a small company. For historical reasons each user in this company has two email addresses, user@domain and user@olddomain.
Both addresses are used for sending and receiving email. However, we want to make sure that only the user@domain ones are shown in the address book of SquirrelMail. So I thought of an ACL like this:
access to attrs=mail matchingRule.regex="@domain" by peername "ip.of.web.mail" none by * read
But this seems to have no effect. I need some examples or tips for debugging this problem. Thanks
Andres
First off, I'm not sure if you're expecting to hit a matchingRule. Aren't you looking for a value (i.e. "val.regex" instead)? Maybe try that first.
It seems like lots of people get the ordering wrong; you could try posting your whole list of ACLs here and see if anybody reads it right. But it's more enlightening to post that along with "slapd -d acl" output of an access gone "wrong" versus your expectations. slapd -d acl is quite useful, you might be able to figure it out yourself based off its output. Of course, there's always the slapacl program too.
Examples can be found in the tests/ directory of the source tarball.
On Wed, 11 Oct 2006, Andres Tarallo wrote:
I'm setting up an OpenLDAP server for a small company. For historical reasons each user in this company has two email addresses, user@domain and user@olddomain.
Both addresses are used for sending and receiving email. However, we want to make sure that only the user@domain ones are shown in the address book of SquirrelMail. So I thought of an ACL like this:
access to attrs=mail matchingRule.regex="@domain" by peername "ip.of.web.mail" none by * read
But this seems to have no effect. I need some examples or tips for debugging this problem. Thanks
Andres
A/P Andres Tarallo Universidad ORT Uruguay
openldap-software@openldap.org
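Added example, not part of the original thread: the posted ACL beside a value-dependent form using the "val.regex" selector suggested in the reply. It denies the @olddomain values, since the stated goal is to show only user@domain. The address 192.0.2.10 and the final catch-all rule are assumptions standing in for the webmail host and the site's remaining ACLs.

```conf
# slapd.conf fragment (added example; domains and addresses are placeholders)

# As posted. The value selector is spelled "val", as the reply suggests,
# and this pattern names the addresses that are meant to stay visible.
#access to attrs=mail matchingRule.regex="@domain"
#    by peername "ip.of.web.mail" none
#    by * read

# Value-dependent form: val[.<style>]=<pattern> selects individual values
# of a single attribute. This rule covers only mail values ending in
# @olddomain and hides them from the webmail host (assumed 192.0.2.10).
access to attrs=mail val.regex="@olddomain$"
    by peername.ip=192.0.2.10 none
    by * read

# Rules are evaluated in order and the first matching <what> clause is
# used, so the value-specific rule has to come before any broader rule
# that also covers mail. Placeholder for the site's remaining rules:
access to *
    by * read
```

Running slapd with "-d acl" while the webmail host searches shows which rule each mail value matched, and slapacl can evaluate the same rules without a live client.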