[Date Prev][Date Next]
[Chronological]
[Thread]
[Top]
Re: Advanced ACL configuration?
On Wednesday, 4. July 2001 09:37, Daniel Tiefnig wrote:
> <stefan@alfredsson.org> wrote...
[...]
> > I'm wondering if ACL's can be built by using information in the LDAP
> > database itself?
[...]
> > Maybe a better solution to define the relationships would be to use
> > the tree structure instead?
> > Then users can be given write access to the subtree?
>
> access to dn=".*,uid=user1,..." by dn="uid=user1,.."
[...]
> access to *
> by selfattr=account write
another way is using regexps (untested)
access to dn.subtree="uid=([^,]+),ou=People,o=foobar"
by dn="uid=$1,ou=People,o=foobar" write stop
--
Stephan Siano Mail: Stephan.Siano@suse.de
SuSE Linux Solutions AG Phone: 06196 50951 31
Mergenthalerallee 45-47 Fax: 06196 409607
D-65760 Eschborn