Re: group.regex not implemented?
>
> Hi There,
>
> For the last 4 hours I have been trying to write an ACL that gives rights to
> an object for a role (or group). I made a test server for this with these 3 ACIs:
>
> My tree consists of more than one organisation-subtrees und c=de.
> I want to make a rule that gives the OrganizationAdministratorRole (or
> group) all rights for his subtree:
>
>
> ---
> access to dn="^c=de$" by * read

You should do

    access to dn.base="c=de" by * read

if you mean everybody has read access to the "c=de" entry.

>
> # THIS RULE IS IGNORED BY THE SERVER
> access to dn="o=(.+),c=de$"
> by group.regex="^cn=admin,ou=Groups,o=$1,c=de$" write
> by * none

then you need

    access to dn="o=(.+),c=de$"
        by group.regex="^cn=admin,ou=Groups,o=$1,c=de$" write
        by * auth

otherwise "cn=admin,ou=Groups,o=.+,c=de" won't be able to
access its entry in order to bind.

The best you can do is:

    access to dn="o=(.+),c=de$" attrs=userPassword
        by group.regex="^cn=admin,ou=Groups,o=$1,c=de$" write
        by * auth

    access to dn="o=(.+),c=de$"
        by group.regex="^cn=admin,ou=Groups,o=$1,c=de$" write
        by * none

Pierangelo.
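
The effect of the rules discussed in this reply, as an added example that is not part of the original post and not OpenLDAP code: a simplified Python model of first-match ACL evaluation showing why the trailing `by * none` blocks binds while the `attrs=userPassword` / `by * auth` pair does not. The directory contents, the DNs, the function names and the way `$1` is substituted into the group pattern are assumptions made for illustration.

```python
import re

LEVELS = ["none", "auth", "compare", "search", "read", "write"]
ADMINS = "^cn=admin,ou=groups,o=$1,c=de$"   # group pattern from the post

# Constructed directory data: group DN -> member DNs (normalized lowercase).
GROUPS = {
    "cn=admin,ou=groups,o=acme,c=de": {"uid=alice,ou=people,o=acme,c=de"},
    "cn=admin,ou=groups,o=other,c=de": {"uid=bob,ou=people,o=other,c=de"},
}

# Rule = (target DN regex, attribute set or None for all, ordered by-clauses).
ORIGINAL = [(r"o=(.+),c=de$", None, [(ADMINS, "write"), ("*", "none")])]
SUGGESTED = [
    (r"o=(.+),c=de$", {"userpassword"}, [(ADMINS, "write"), ("*", "auth")]),
    (r"o=(.+),c=de$", None, [(ADMINS, "write"), ("*", "none")]),
]

def in_group(requester, pattern):
    """True if requester is a member of any group whose DN matches pattern."""
    return any(re.search(pattern, dn) and requester in members
               for dn, members in GROUPS.items())

def access(rules, requester, target_dn, attr):
    """Level granted to requester (None = anonymous) on one attribute."""
    for dn_re, attrs, by_clauses in rules:
        m = re.search(dn_re, target_dn)
        if not m or (attrs is not None and attr.lower() not in attrs):
            continue                         # this rule does not cover the target
        for who, level in by_clauses:        # first matching <who> wins
            if who == "*":
                return level
            pattern = who.replace("$1", re.escape(m.group(1)))
            if requester and in_group(requester, pattern):
                return level
        return "none"                        # implicit trailing "by * none"
    return "none"                            # no rule matched the target

def can_bind(rules, user_dn):
    """A simple bind is checked as anonymous and needs auth on userPassword."""
    level = access(rules, None, user_dn, "userPassword")
    return LEVELS.index(level) >= LEVELS.index("auth")

if __name__ == "__main__":
    alice = "uid=alice,ou=people,o=acme,c=de"
    for name, rules in (("original", ORIGINAL), ("suggested", SUGGESTED)):
        print(name, "bind possible:", can_bind(rules, alice),
              "| anonymous on mail:", access(rules, None, alice, "mail"))
```
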