[Date Prev][Date Next]
[Chronological]
[Thread]
[Top]
Re: Access Control - Variables - still not working
Thanks for your help, but I still haven't any clue how to get the
Variable substituted with what was found for the regex pattern.
Pierangelo Masarati wrote:
>
> You can use regex pattern substitution in the form:
>
> access to dn=".*ou=([^,]+),o=myorganization"
> by dn="cn=admin,ou=$1,o=myorganization" write
> by * read
>
one of my acl's is now:
access to dn=".*o=([^,]+),ou=customers,o=myorganisation"
by dn="cn=*,ou=people,o=myorganisation" write
by dn="cn=*,ou=people,o=$1,ou=customers,o=myorganisation" read
When I try to bind with an user of cn=test, o=specificcustomer,
ou=customers, o=myorganisation I get an error.
This is what the log shows:
slapd[19080]: daemon: conn=24 fd=15 connection from IP=127.0.0.1:3155
(IP=0.0.0.0:34049) accepted.
slapd[19083]: conn=24 op=0 BIND dn="" method=128
slapd[19083]: conn=24 op=0 RESULT tag=97 err=0 text=
slapd[19084]: conn=24 op=1 SRCH base="ou=customers,o=myorganisation"
scope=1 filter="(o=specificcustomer)"
slapd[19084]: => access_allowed: search access to "o=specificcustomer,
ou=customers, o=myorganisation" "o" requested
[snip]
more acl's...
[snap]
slapd[19084]: => dnpat: [6] .*o=([^,]+),ou=customers,o=myorganisation
nsub: 1
slapd[19084]: => acl_get: [6] matched
slapd[19084]: => acl_get: [6] check attr o
slapd[19084]: <= acl_get: [6] acl o=specificcustomer, ou=customers,
o=myorganisation attr: o
slapd[19084]: => acl_mask: access to entry "o=specificcustomer,
ou=customers, o=myorganisation", attr "o" requested
slapd[19084]: => acl_mask: to value by "", (=n)
slapd[19084]: <= check a_dn_pat: cn=*,ou=people,o=myorganisation
slapd[19084]: <= check a_dn_pat:
cn=*,ou=people,o=$1,ou=Kunden,o=myorganisation
seems that the slapd takes the right acl, but doesn't substitute the
regex part so that there is no match for the <who> clause
slapd[19084]: <= acl_mask: no more <who> clauses, returning =n (stop)
slapd[19084]: => access_allowed: search access denied by =n
slapd[19084]: conn=24 op=1 SEARCH RESULT tag=101 err=0 text=
slapd[19157]: conn=24 op=2 RESULT tag=101 err=34 text=invalid DN
How can I get slapd to substitute the Variable?
Thanks for your help
Timo Boettcher