Setting ACI using Macros

Hi All,
I want to restrict access for each domain to its users emails: A user belonging to a domain has to see the users of its own domain.
Here is my ACI:
(targetattr = "*") (target = "ldap:///($dn),dc=acme,dc=net")(version 3.0;acl "Domain Restriction";deny (read,search)(userdn != "ldap:///[$dn],dc=acme,dc=net??sub?(objectclass=inetOrgPerson)");)
At my surprise, it denies the user to see everything! Can you tell me what's wrong with this ACI. If you have another method than using macros, please say it.
Note that the domains in the tree are below dc=acme,dc=net

Hi,
The matching mechanism for [$dn] is slightly different than for ($dn). The DN of the targeted resource is examined several times, each time dropping the left-most
RDN component, until a match is found.
For example, ACI in the question restrict reading and seaching in DN dc=wharever,dc=acme,dc=net and below.
IF you could create groups or roles for each domain this would be easy.
This ACI give permission to users to access the entries within their group.
targetattr = "*") (target = "ldap:///($dn),dc=acme,dc=net")(version 3.0;acl "Domain Restriction";allow (read,search,write,compare)(groupdn = "ldap:///($dn),dc=acme,dc=net and (objectclass=inetOrgPerson)")
Best Regards,
Ravi

Similar Messages

  • Can I use macros and set values at compiling time?

    Hi, Java uses macros?
    I need control some functionality that only appear while Debugging (Windows specific, Linux specific, GUI's, Env), something like:
    #if DEBUG_WIN
    monitor.showDialog();
    #endif;
    or
    #if DEBUG_NO_X
    monitor.showLog();
    #endif
    Something like C or C++?
    And also set some values at compiling time, or values for the source code?, something, like:
    #define DEVS_NOT_BROKEN
    int devsEnabled = DEVS_NOT_BROKEN;
    Thanks!

    Yes, I think that too.
    But I don't wan't open sources files and modify values. I was thinking in use differents targets in ant's build.xml and easy generate differents debug profiles.
    Also I want set values at compiling time:
    #define SOCKETS_ASKED_FOR
    int sockets = SOCKETS_ASKED_FOR;Thanks, i keep searching solutions, "preprocessor search time".

  • How to use macro's functionality in a programe...?

    hi,
    i am siva,
    i am new to abap,
    i am not having clarity on how to use macro in a programe,
    please send me any source code of a programe which
    contain functionality of macros..?
    and explain functionality of macros...?
    i any of u know answer..
    please send me source code of a programe that use macros...?
    reguars,
    siva.

    Hi,
    <u>Macros:</u>
    If you want to reuse the same set of statements more than once in a program, you can include
    them in a macro. For example, this can be useful for long calculations or complex WRITE
    statements. You can only use a macro within the program in which it is defined, and it can only
    be called in lines of the program following its definition.
    The following statement block defines a macro <macro>:
    DEFINE <macro>.
    <statements>
    END-OF-DEFINITION.
    You must specify complete statements between DEFINE and END-OF-DEFINITION. These
    statements can contain up to nine placeholders (&1, &2, ..., &9). You must define the macro
    before the point in the program at which you want to use it.
    Macros do not belong to the definition part of the program. This means that the DEFINE...ENDOF-
    DEFINITION block is not interpreted before the processing blocks in the program. At the
    same time, however, macros are not operational statements that are executed within a
    processing block at runtime. When the program is generated, macro definitions are not taken
    into account at the point at which they are defined. For this reason, they do not appear in the
    overview of the structure of ABAP programs [Page 44].
    A macro definition inserts a form of shortcut at any point in a program and can be used at any
    subsequent point in the program. As the programmer, you must ensure that the macro
    definition occurs in the program before the macro itself is used. Particular care is required if you
    use both macros and include programs, since not all include programs are included in the syntax
    check (exception: TOP include).
    To use a macro, use the following form:
    <macro> [<p1> <p2> ... <p9>].
    When the program is generated, the system replaces <macro> by the defined statements and
    each placeholder &i by the parameter <pi>. You can use macros within macros. However, a
    macro cannot call itself.
    Ex:
    DATA: RESULT TYPE I,
    N1 TYPE I VALUE 5,
    N2 TYPE I VALUE 6.
    DEFINE OPERATION.
    RESULT = &1 &2 &3.
    OUTPUT &1 &2 &3 RESULT.
    END-OF-DEFINITION.
    DEFINE OUTPUT.
    WRITE: / 'The result of &1 &2 &3 is', &4.
    END-OF-DEFINITION.
    OPERATION 4 + 3.
    OPERATION 2 ** 7.
    OPERATION N2 - N1.
    The produces the following output:
    The result of 4 + 3 is 7
    The result of 2 ** 7 is 128
    The result of N2 - N1 is 1
    Here, two macros, OPERATION and OUTPUT, are defined. OUTPUT is nested in
    OPERATION. OPERATION is called three times with different parameters. Note how
    the placeholders &1, &2, ... are replaced in the macros.
    Regards,
    Bhaskar

  • Using Macro in Excel How to open a SAP directly?

    Hi,
           Can Anyone Suggest and help me to do above Code in Excel,"Using Macro in Excel  How to open SAP directly"
    Example: I want to Open T.CODE: MM01 directly, without login in to SAP, Using Macro, i want to open SAP Directly, Anyone Suggest me how to do it?.............
    I Tried this But it  showing Run time Error'438', Object does not support this property or method........
    VBCODE:
    Dim sap As Object
    Dim conn As Object
    Sub T_login()
    Set sap = CreateObject("SAP.Functions")
    Set conn = sap.Connection
    conn.System = "production"
    conn.client = "800"
    conn.user = "SAPUSER"
    conn.Password = "123456"
    conn.Language = ""
    conn.Tcode = "MM01"
    If conn.logon(0, False) Then
    MsgBox "Logon to the SAP system is not possible", vbOKOnly, "Comment"
    Else
    End If
    If Not IsObject(SapGuiApp) Then
    Set SapGuiApp = CreateObject("Sapgui.ScriptingCtrl.1")
    End If
    If Not IsObject(Connection) Then
    Set Connection = SapGuiApp.OpenConnection("production", True)
    End If
    If Not IsObject(session) Then
    Set session = Connection.Children(0)
    End If
    session.findById("wnd[0]/usr/txtRSYST-MANDT").Text = "CLIENT"
    session.findById("wnd[0]/usr/txtRSYST-BNAME").Text = "USER"
    session.findById("wnd[0]/usr/pwdRSYST-BCODE").Text = "PASSWORD"
    session.findById("wnd[0]/usr/txtRSYST-LANGU").Text = ""
    session.findById("wnd[0]/usr/txtRSYST-LANGU").SetFocus
    session.findById("wnd[0]/usr/txtRSYST-LANGU").caretPosition = 2
    session.findById("wnd[0]").sendVKey 0
    Set wshell = CreateObject("Wscript.Shell")
    wshell.Run Chr(34) & Path & "\script.vbs" & Chr(34), 1, 1
    End Sub
    Anyone send me the Exact code related to this.................
    Its very immediate requirement.................
    Regards
    Karthick

    Hi Karthick,
    You could try the following:
    Sub Test()
    If Not IsObject(SAPguiApp) Then
        Set SAPguiApp = CreateObject("Sapgui.ScriptingCtrl.1")
    End If
    If Not IsObject(Connection) Then
        Set Connection = SAPguiApp.OpenConnection("SYSTEMNAME", True)
    End If
    If Not IsObject(session) Then
        Set session = Connection.Children(0)
    End If
    session.findById("wnd[0]/usr/txtRSYST-MANDT").Text = "123"
    session.findById("wnd[0]/usr/txtRSYST-BNAME").Text = "USER"
    session.findById("wnd[0]/usr/pwdRSYST-BCODE").Text = "PASSWORD"
    session.findById("wnd[0]/usr/txtRSYST-LANGU").Text = "EN"
    session.findById("wnd[0]/usr/txtRSYST-LANGU").SetFocus
    session.findById("wnd[0]/usr/txtRSYST-LANGU").caretPosition = 2
    session.findById("wnd[0]").sendVKey 0
    session.findById("wnd[0]/tbar[0]/okcd").Text = "/nmm01"
    session.findById("wnd[0]").sendVKey 0
    session.findById("wnd[0]").maximize
    MsgBox "If you click on the OK button, the SAP session is terminated."
    End Sub
    SAP GUI should appear in the new design, you must do the following:
    START -> All Programs -> SAP Front End -> SAP GUI Configuration -> Application -> Add -> excel.exe -> Open
    If the program is started from a VBS file, it must be entered here wscript.exe.
    Regards,
    ScriptMan

  • Hi. I am using the iPhone 4S and when I'm searching for places using Google it does not automatically detect my location. How do I change this? FYI...under settings i have it set at "Use new precise locations from my device."

    Hi. I am using the iPhone 4S and when I'm searching for places using Google it does not automatically detect my location. How do I change this? FYI...under settings i have it set at "Use new precise locations from my device."

    If you are missing using google maps - try the Nokia map app called "here"

  • I am trying to use macro express and adobe acrobat 9 profession keeps shutting down, why is this happening?  I tried to run as administrator already as well on both Macro Express and in Adobe and it still keeps shutting down.

    I am trying to use macro express and adobe acrobat 9 profession keeps shutting down, why is this happening?  I tried to run as administrator already as well on both Macro Express and in Adobe and it still keeps shutting down.

    same problem, it's been happening to me for a week or two now i'm thinking about backing up my documents and just wiping it completely, see if that works. Has anyone else tried this? I'm loosing time and have already lost a good few hours of work as it just crashes randomly. need help!!!
    - saving these threads on my favourites cause i'm about to crash . . .

  • I want to set up my Epson printer using an airport and RR router. It was previously set up using a different router through HTC but same printer. How do I do this?

    I want to set up my Epson printer using an Airport and RR router. The same Mac Book and printer was formerly set up using a HTC router. How do I reset computer so it communicates with printer?

    http://support.apple.com/kb/HT3771
    Mac 101: Printing (Mac OS X v10.6)

  • My new ipad was set up using the wrong apple id.  How do i change it to the correct ID so that my iTunes recognizes it as the main device?

    Help!  My new iPad Air was set up using my parents apple ID and iTunes account.  How do i change it to my own ID and iTunes so that it is recognized as the main device?

    Settings > iTunes & App Store > Sign Out.
    Sign in with the correct ID.
    JGreenzang wrote:
    so that it is recognized as the main device?
    There is no such thing.  Please explain what is really meant by the above statement.

  • I have moved to uk from ireland and bought new iphone, set up using my existing Apple ID account and profile but won't let me buy install or update apps??

    I have moved to uk from ireland and bought new iphone, set up using my existing Apple ID account and profile but won't let me buy install or update apps??
    Can anyone advise me on what I need to do?
    My existing account is linked to ireland as my bank account details are there, does this make a difference?
    Please help!

    Until you get a UK bank account and credit card, buy and redeem UK iTunes gift cards for use in the iTunes and Mac App Stores. But you need to switch your region/country to the UK store in your account information, as you can't use UK iTunes gift cards in the Irish stores, the gift cards are country specific.

  • I re-set password using specific user ID but when I put new password in it does not say incorrect password  it just spins and spins never accepting it.  What is the problem?

    I re-set password using specific user ID but when I put new password in it does not say incorrect password  it just spins and spins never accepting it.  What is the problem?

    Update on my problem connecting in Itunes with my Airport Express. Not sure if anything I tried made a difference
    but I finally got the Pop up window saying this device requires a Password. I entered the password and I can once again use the Airport Express as a remote speaker.

  • How to Set and Use a global variable within a session?

    Dear All,
    I'm new to jsp, and would like to ask how to set and use a global variable within a session?
    Thanks in advance.
    Regards,
    Cecil

    With session.setAttribute("name",object) you can store a Attribute in the session object.
    with session.getAttribute("name") you can get it.
    That's it.
    Regards,
    Geri

  • How does one install non-English character sets for use with the "find" function in Acrabat Pro 11?

    I have pdf files in European languages and want to be able to enter non-English characters in the "find" function. How does one install other character sets for use with Acrobat Pro XI?

    Have you tried applying the update by going to Help>Updates within Photoshop Lightroom?  The update should be using the same licensing?  Did you perhaps customize the installation location?  Finally which operating system are you using?

  • Conversions between character sets when using exp and imp utilities

    I use EE8ISO8859P2 character set on my server,
    when exporting database with NLS_LANG not set
    then conversion should be done between
    EE8ISO8859P2 and US7ASCII charsets, so some
    characters not present in US7ASCII should not be
    successfully converted.
    But when I import such a dump, all characters not
    present in US7ASCII charset are imported to the database.
    I thought that some characters should be lost when
    doing such a conversions, can someone tell me why is it not so?

    Not exactly. If the import is done with the same DB character set, then no matter how it has been exported. Conversion (corruption) may happen if the destination DB has a different character set. See this example :
    [ora102 work db102]$ echo $NLS_LANG
    AMERICAN_AMERICA.WE8ISO8859P15
    [ora102 work db102]$ sqlplus test/test
    SQL*Plus: Release 10.2.0.1.0 - Production on Tue Jul 25 14:47:01 2006
    Copyright (c) 1982, 2005, Oracle.  All rights reserved.
    Connected to:
    Oracle Database 10g Enterprise Edition Release 10.2.0.1.0 - Production
    With the Partitioning, OLAP and Data Mining options
    TEST@db102 SQL> create table test(col1 varchar2(1));
    Table created.
    TEST@db102 SQL> insert into test values(chr(166));
    1 row created.
    TEST@db102 SQL> select * from test;
    C
    ¦
    TEST@db102 SQL> exit
    Disconnected from Oracle Database 10g Enterprise Edition Release 10.2.0.1.0 - Production
    With the Partitioning, OLAP and Data Mining options
    [ora102 work db102]$ export NLS_LANG=AMERICAN_AMERICA.EE8ISO8859P2
    [ora102 work db102]$ sqlplus test/test
    SQL*Plus: Release 10.2.0.1.0 - Production on Tue Jul 25 14:47:55 2006
    Copyright (c) 1982, 2005, Oracle.  All rights reserved.
    Connected to:
    Oracle Database 10g Enterprise Edition Release 10.2.0.1.0 - Production
    With the Partitioning, OLAP and Data Mining options
    TEST@db102 SQL> select col1, dump(col1) from test;
    C
    DUMP(COL1)
    ©
    Typ=1 Len=1: 166
    TEST@db102 SQL> exit
    Disconnected from Oracle Database 10g Enterprise Edition Release 10.2.0.1.0 - Production
    With the Partitioning, OLAP and Data Mining options
    [ora102 work db102]$ echo $NLS_LANG
    AMERICAN_AMERICA.EE8ISO8859P2
    [ora102 work db102]$ exp test/test file=test.dmp tables=test
    Export: Release 10.2.0.1.0 - Production on Tue Jul 25 14:48:47 2006
    Copyright (c) 1982, 2005, Oracle.  All rights reserved.
    Connected to: Oracle Database 10g Enterprise Edition Release 10.2.0.1.0 - Production
    With the Partitioning, OLAP and Data Mining options
    Export done in EE8ISO8859P2 character set and AL16UTF16 NCHAR character set
    server uses WE8ISO8859P15 character set (possible charset conversion)
    About to export specified tables via Conventional Path ...
    . . exporting table                           TEST          1 rows exported
    Export terminated successfully without warnings.
    [ora102 work db102]$ sqlplus test/test
    SQL*Plus: Release 10.2.0.1.0 - Production on Tue Jul 25 14:48:56 2006
    Copyright (c) 1982, 2005, Oracle.  All rights reserved.
    Connected to:
    Oracle Database 10g Enterprise Edition Release 10.2.0.1.0 - Production
    With the Partitioning, OLAP and Data Mining options
    TEST@db102 SQL> drop table test purge;
    Table dropped.
    TEST@db102 SQL> exit
    Disconnected from Oracle Database 10g Enterprise Edition Release 10.2.0.1.0 - Production
    With the Partitioning, OLAP and Data Mining options
    [ora102 work db102]$ imp test/test file=test.dmp
    Import: Release 10.2.0.1.0 - Production on Tue Jul 25 14:49:15 2006
    Copyright (c) 1982, 2005, Oracle.  All rights reserved.
    Connected to: Oracle Database 10g Enterprise Edition Release 10.2.0.1.0 - Production
    With the Partitioning, OLAP and Data Mining options
    Export file created by EXPORT:V10.02.01 via conventional path
    import done in EE8ISO8859P2 character set and AL16UTF16 NCHAR character set
    import server uses WE8ISO8859P15 character set (possible charset conversion)
    . importing TEST's objects into TEST
    . importing TEST's objects into TEST
    . . importing table                         "TEST"          1 rows imported
    Import terminated successfully without warnings.
    [ora102 work db102]$ export NLS_LANG=AMERICAN_AMERICA.WE8ISO8859P15
    [ora102 work db102]$ sqlplus test/test
    SQL*Plus: Release 10.2.0.1.0 - Production on Tue Jul 25 14:49:34 2006
    Copyright (c) 1982, 2005, Oracle.  All rights reserved.
    Connected to:
    Oracle Database 10g Enterprise Edition Release 10.2.0.1.0 - Production
    With the Partitioning, OLAP and Data Mining options
    TEST@db102 SQL> select col1, dump(col1) from test;
    C
    DUMP(COL1)
    ¦
    Typ=1 Len=1: 166
    TEST@db102 SQL>

  • Is "SET TRANSACTION USE ROLLBACK SEGMENT" only a hint

    I have two users, one makes some inserts in a table.
    The other makes a select which visits many rows.
    I have a big rollback-segment.
    To ensure, both users use this rollback-segment I created a logon-trigger:
    CREATE OR REPLACE TRIGGER a_logon AFTER LOGON
    ON DATABASE
    WHEN ( USER IN ( 'SCOTT', 'BOB' ) )
    BEGIN
    SET TRANSACTION USE ROLLBACK SEGMENT rbs_big;
    END;
    But I still get "snapshot to old" messages from the select, which contains the name off an other rollback-segment in the message.
    The trigger really fires, i tested it by adding an insert-statement to a log-table.
    What`s wrong ?

    The set transaction use rollback segment lasts only until you commit or rollback first time and all other transactions in that session will not be forced to that rbs anymore. Other possible solution could be that other users are accessing same tables / updating them so those sessions can't keep the read consistent image available anymore for your sessions.

  • What Is The Best Setting To Use To Import Music?Please Help.

    Hi, All
    I have got an 80GB Apple Video iPod And I am still trying to figure out how to work it as I am new to using iPods.
    What is the best setting to use to import CD Music and Music from the Internet to iTunes?? as I would like to listen to the highest quality there is on iTunes and my 80GB Apple Video iPod.
    The settings are: ACC Encoder, AIFF Encoder, Apple Lossless Encoder, MP3 Encoder, WAV Encoder. If you have not got them to hand.
    Many Thanks For Reading This And Replying To It, Much Appreciated!!
    I Hope You All Have a VERY Merry New Year!!
    Kind Regards, Rocky Robin

    There really is no BEST setting. The "best" setting is the one that sounds the best to you.
    Having said that, you also asked what setting provides the highest quality audio. In that case, you need to use a lossless format, such as AIFF, WAV, or Apple Lossless. MP3 and AAC are both compressed formats, and will not provide as good of an audio quality as a lossless format.
    My personal preference would be Apple Lossless, but any of the lossless formats will produce an almost identical quality to the CD track.
    Keep in mind, the files will be quite large.

Maybe you are looking for