[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: Advanced ACL configuration?

To: "Daniel Tiefnig" <daniel.tiefnig@infonova.at>, "Daniel Tiefnig" <openldap@qmail.infonova.at>, openldap-software@OpenLDAP.org
Subject: Re: Advanced ACL configuration?
From: Stephan Siano <stephan.siano@suse.de>
Date: Wed, 4 Jul 2001 09:52:28 +0200
In-reply-to: <9hufck$6f6$1@qmail.infonova.at>
References: <20010704083912.A12639@sa-pc.cs.kau.se> <9hufck$6f6$1@qmail.infonova.at>

On Wednesday,  4. July 2001 09:37, Daniel Tiefnig wrote:
> <stefan@alfredsson.org> wrote...
[...]
> > I'm wondering if ACL's can be built by using information in the LDAP
> > database itself?
[...]
> > Maybe a better solution to define the relationships would be to use
> > the tree structure instead?
> > Then users can be given write access to the subtree?
>
> access to dn=".*,uid=user1,..." by dn="uid=user1,.."

[...]

>   access to *
>     by selfattr=account write

another way is using regexps (untested)
access to dn.subtree="uid=([^,]+),ou=People,o=foobar"
	by dn="uid=$1,ou=People,o=foobar" write stop

-- 
Stephan Siano                           Mail:  Stephan.Siano@suse.de
SuSE Linux Solutions AG                 Phone: 06196 50951 31
Mergenthalerallee 45-47			Fax:   06196 409607
D-65760 Eschborn

References:
- Advanced ACL configuration?
  - From: stefan@alfredsson.org
- Re: Advanced ACL configuration?
  - From: "Daniel Tiefnig" <openldap@qmail.infonova.at>

Prev by Date: Re: Advanced ACL configuration?
Next by Date: Replication with SSL/TLS
Index(es):
- Chronological
- Thread