
Re: group.regex not implemented?



> 
> Hi There,
> 
> For the last 4 hours I have tried to write an ACL that gives rights to an object for a
> role (or group). I made a test server for this with these 3 ACIs:
> 
> My tree consists of more than one organisation subtree under c=de.
> I want to make a rule that gives the OrganizationAdministratorRole (or
> group) all rights for his subtree:
> 
> 
> ---
> access to dn="^c=de$" by * read

You should do

access to dn.base="c=de" by * read

if you mean everybody has read access to the "c=de" entry.

> 
> # THIS RULE IS IGNORED BY THE SERVER
> access to dn="o=(.+),c=de$"
>   by group.regex="^cn=admin,ou=Groups,o=$1,c=de$" write
>   by * none

Then you need

access to dn="o=(.+),c=de$"
	by group.regex="^cn=admin,ou=Groups,o=$1,c=de$" write
	by * auth

otherwise "cn=admin,ou=Groups,o=.+,c=de" won't be able to
access its entry in order to bind.

The best you can do is:

access to dn="o=(.+),c=de$" attrs=userPassword
	by group.regex="^cn=admin,ou=Groups,o=$1,c=de$" write
	by * auth

access to dn="o=(.+),c=de$"
	by group.regex="^cn=admin,ou=Groups,o=$1,c=de$" write
	by * none


Pierangelo.
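
Added example, not part of the original message and not slapd code: a simplified Python model of the evaluation order the reply relies on (first matching `access to` rule, then first matching `by` clause, with `$1` filled from the DN regex), comparing the original single rule with the split rules. The member DNs, the `acme` and `beta` organisations and the function names are constructed assumptions.

```python
import re

LEVELS = ["none", "auth", "compare", "search", "read", "write"]
GROUP = "cn=admin,ou=Groups,o=$1,c=de"    # group pattern from the post

# Constructed sample data (assumption): group DN -> member DNs.
MEMBERS = {
    "cn=admin,ou=Groups,o=acme,c=de": {"uid=anna,o=acme,c=de"},
    "cn=admin,ou=Groups,o=beta,c=de": {"uid=bert,o=beta,c=de"},
}

# Each rule: (target DN regex, attrs or None for all, ordered "by" clauses).
ORIGINAL = [("o=(.+),c=de$", None, [(GROUP, "write"), ("*", "none")])]
SPLIT = [
    ("o=(.+),c=de$", {"userPassword"}, [(GROUP, "write"), ("*", "auth")]),
    ("o=(.+),c=de$", None, [(GROUP, "write"), ("*", "none")]),
]

def access(rules, target_dn, attr, requester):
    """Level granted on target_dn/attr; requester None means not yet bound."""
    for dn_re, attrs, by_clauses in rules:
        match = re.search(dn_re, target_dn)
        if not match or (attrs is not None and attr not in attrs):
            continue                      # rule does not cover this target
        for who, level in by_clauses:     # first matching "by" clause decides
            if who == "*":
                return level
            group_dn = who.replace("$1", match.group(1))
            if requester in MEMBERS.get(group_dn, ()):
                return level
        return "none"                     # matched rule, no "by" clause applied
    return "none"                         # no rule matched

def can_bind(rules, user_dn):
    """In this model a simple bind needs at least auth on userPassword."""
    level = access(rules, user_dn, "userPassword", None)
    return LEVELS.index(level) >= LEVELS.index("auth")

if __name__ == "__main__":
    anna = "uid=anna,o=acme,c=de"
    for name, rules in (("original", ORIGINAL), ("split", SPLIT)):
        print(name, "bind:", can_bind(rules, anna),
              "| own org mail:", access(rules, "uid=x,o=acme,c=de", "mail", anna),
              "| other org mail:", access(rules, "uid=x,o=beta,c=de", "mail", anna))
```

With the original rule the admin can never bind, so the `write` clause is unreachable; the split rules expose only `userPassword` at `auth` level and keep everything else at `none` for non-members.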