On 22/2/2012 6:27 PM, Nick Milas wrote:
Can someone more experienced with sets please comment on it (confirm or correct it)?
I have tried to make it more precise. So, assuming the schema is as follows (OIDs are hypothetical), can someone comment on the following (modified accordingly) access list?
Thanks, Nick
============= ACL =======================
access to <some entries> <some attributes>
    by set="this/writeAccessEntities/member* & user" write
    by set="this/readAccessEntities/member* & user" read
    by set="this/searchAccessEntities/member* & user" search
============= Schema ====================
attributetype ( 4.3.6.1.4.1.50000.4.1.11
    NAME 'writeAccessEntities'
    DESC 'DNs of Groups which should be allowed write (full) access to this entry'
    SUP distinguishedName )
attributetype ( 4.3.6.1.4.1.50000.4.1.12
    NAME 'readAccessEntities'
    DESC 'DNs of Groups which should be allowed read (read-only) access to this entry'
    SUP distinguishedName )
attributetype ( 4.3.6.1.4.1.50000.4.1.13
    NAME 'searchAccessEntities'
    DESC 'DNs of Groups which should be allowed search (search-only) access to this entry'
    SUP distinguishedName )
objectclass ( 4.3.6.1.4.1.50000.4.2.101
    NAME 'entryAccessEntities'
    DESC 'Allow access to the entry, to which this class is added, to the entities specified as the values (DNs) of this class attributes'
    SUP top AUXILIARY
    MAY ( writeAccessEntities $ readAccessEntities $ searchAccessEntities ) )
========================================
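
A small Python model of how the three `by set=` clauses in the ACL above would be evaluated in order, added here as an illustration and not part of the original message. The directory contents, DNs and function names are constructed; DN matching is plain string comparison rather than slapd's normalization, and `member*` is modelled as everything reachable through one or more `member` hops.

```python
BASE = "dc=example,dc=com"  # constructed sample suffix

# Constructed sample directory: DN -> attributes.
DIRECTORY = {
    f"cn=admins,ou=groups,{BASE}": {
        "member": [f"uid=alice,ou=people,{BASE}", f"cn=ops,ou=groups,{BASE}"]},
    # Nested group that also points back at admins (a membership cycle).
    f"cn=ops,ou=groups,{BASE}": {
        "member": [f"uid=bob,ou=people,{BASE}", f"cn=admins,ou=groups,{BASE}"]},
    f"cn=staff,ou=groups,{BASE}": {
        "member": [f"uid=carol,ou=people,{BASE}"]},
    f"cn=doc1,ou=docs,{BASE}": {
        "writeAccessEntities": [f"cn=admins,ou=groups,{BASE}"],
        "readAccessEntities": [f"cn=staff,ou=groups,{BASE}"]},
    f"cn=doc2,ou=docs,{BASE}": {},  # entry without the auxiliary class
}

# The ACL's "by" clauses, in the order they are written.
CLAUSES = [("writeAccessEntities", "write"),
           ("readAccessEntities", "read"),
           ("searchAccessEntities", "search")]

def deref(dns, attr):
    """One hop: the values of attr on each DN in dns (models `dns/attr`)."""
    return {v for dn in dns for v in DIRECTORY.get(dn, {}).get(attr, [])}

def chase(dns, attr):
    """Repeated hops until no new DN appears (models `dns/attr*`)."""
    seen, frontier = set(), deref(dns, attr)
    while frontier:
        seen |= frontier
        frontier = deref(frontier, attr) - seen  # cycles stop here
    return seen

def access_level(entry_dn, user_dn):
    """First clause whose set `this/<attr>/member* & user` is non-empty wins."""
    for attr, level in CLAUSES:
        groups = deref({entry_dn}, attr)          # this/<attr>
        if chase(groups, "member") & {user_dn}:   # /member* & user
            return level
    return "none"  # no clause matched: slapd's implicit "by * none"

if __name__ == "__main__":
    for uid in ("alice", "bob", "carol", "dave"):
        user = f"uid={uid},ou=people,{BASE}"
        print(uid, access_level(f"cn=doc1,ou=docs,{BASE}", user))
```
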