On Saturday 25 July 2009 03:54:57 pm John A. Sullivan III wrote: > Hmm . . . I've never used an ACI swapping attributes as your are (CN for > UID) but I would think it should work. Out of curiosity, if you set the > user's CN = UID and then rewrite the ACI to be ldap://($dn),....., does > it work? Thanks for giving a good stab at this, John. I tried just changing the "cn" for a user without changing the dn to read cn=amessina... (currently, eGroupWare expects it to read uid=amessina...) That did not work. Is it to be expected, then, that one is not able to do something like: target = ldap://some_attr=($dn)... userdn = ldap://some_other_attr=($dn)... or userdn = ldap://some_other_attr=[$dn]... ??? In short, does the ($dn) macro in the target HAVE TO match the whole portion between the commas, like "uid=amessina" rather than just "amessina": Can it do: target = ldap://cn=($dn),ou=.... or must it be: target = ldap://($dn),ou=... > I'm eager to see what more knowledgeable folks have to say. Good luck - > John I'm thinking that I'll be using the ($attr) or userattr methods, but I'm not sure how as the access is based on the tree structure, rather than attributes of subcomponent entried: +-ou=messinet.com,ou=egw,dc=messinet,dc=com | | | +-ou=accounts | | +-uid=amessina | | +-uid=... | | | +-ou=groups | | +-cn=Default | | +-cn=... | | | +ou=contacts | | | +-ou=shared | | +-cn=default | | +-cn=... | | | +-ou=personal | +-cn=amessina | +-cn=... -- Anthony - http://messinet.com - http://messinet.com/~amessina/gallery 8F89 5E72 8DF0 BCF0 10BE 9967 92DC 35DC B001 4A4E -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 198 bytes Desc: This is a digitally signed message part. Url : http://lists.fedoraproject.org/pipermail/389-users/attachments/20090725/bfc73bb4/attachment.bin
