[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: Advanced ACL configuration?



On Wednesday,  4. July 2001 09:37, Daniel Tiefnig wrote:
> <stefan@alfredsson.org> wrote...
[...]
> > I'm wondering if ACL's can be built by using information in the LDAP
> > database itself?
[...]
> > Maybe a better solution to define the relationships would be to use
> > the tree structure instead?
> > Then users can be given write access to the subtree?
>
> access to dn=".*,uid=user1,..." by dn="uid=user1,.."

[...]

>   access to *
>     by selfattr=account write

another way is using regexps (untested)
access to dn.subtree="uid=([^,]+),ou=People,o=foobar"
	by dn="uid=$1,ou=People,o=foobar" write stop

-- 
Stephan Siano                           Mail:  Stephan.Siano@suse.de
SuSE Linux Solutions AG                 Phone: 06196 50951 31
Mergenthalerallee 45-47			Fax:   06196 409607
D-65760 Eschborn