[Date Prev][Date Next]
[Chronological]
[Thread]
[Top]
Access Control - Variables
Dear List!
Is it possible to use Variables in ACL rules?
I'm trying to implement an access-control structure for a
hardware-management-database.
Since it will be used for multiple customers, each customer should only
"see" their hardware.
The customers will be in
cn=XY, ou=people, o=customerorganisation, ou=customers, o=myorganisation
Their hardware will be in
myobject=XYZ, o=customerorganisation, ou=customers, o=myorganisation
The people of my organisation (who will get write access to everything)
will be in
cn=xy, ou=peole, o=myorganisation
So my ACL has to look somehow like this:
access to dn="myobject=XYZ, o=$1, ou=customers, o=myorganisation"
by dn="cn=*,ou=peole, o=myorganisation" write
by dn="cn=XY, ou=people, o=$1, ou=customers, o=myorganisation"
write
Somewhere I've seen ACL-descriptions like these:
access to dn="(.*)?, o=$1, ou=customers, o=myorganisation"
by dn="(.*)?, ou=peole, o=myorganisation" write
by dn="(.*)?, ou=people, o=$1, ou=customers, o=myorganisation"
write
My Questions:
A: Will both of the above ACLS work, and, if, where is the difference?
B: Will the Variable "o=$1" work? If not, how can I get a similar result
without hard-coding
every customer in the ACL?
Thanks for your help
Timo Boettcher