Re: acl again
quote Pierangelo Masarati (8.11.2001):
> > Hi there,
> >
> > ok, the main wattles about regex i check, but why doesn't this rule
> > work?
> >
> > ---
> > access to dn="(dc=[^,]+,)*(dc=[^,]+)$"
> > by group/organizationalRole/roleOccupant="cn=Domain Administrator, ou=Roles, $1 $2" write
>
> Before going into details, remember that ACLs and significantly regexes
> operate on NORMALIZED DNs, so you'd write:
>
> access to dn="(dc=[^,]+,)*(dc=[^,]+)$"
>         by group/organizationalRole/roleOccupant="cn=Domain Administrator,ou=Roles,$1$2" write

ok, now i wrote a rule which works for a hierarchy of three dc-levels and
is recursive.
(that means that "cn=Domain Administrator,ou=Roles,dc=uni-leipzig,dc=de"
has all rights in "dc=imise,dc=uni-leipzig,dc=de")

access to dn="^(dc=[^,]+,)?(dc=[^,]+,)?(dc=[^,]+)"
        by group/organizationalRole/roleOccupant="cn=Domain Administrator,ou=Roles,$3" write
        by group/organizationalRole/roleOccupant="cn=Domain Administrator,ou=Roles,$2$3" write
        by group/organizationalRole/roleOccupant="cn=Domain Administrator,ou=Roles,$1$2$3" write
        by * read

with

access to dn="^(dc=[^,]+,)*(dc=[^,]+)"

there is no "three-level-restriction" but also no recursion, because i cannot use
these "by group" lists.

any ideas how i can consolidate these two things?

Sebastian Dietzold
--
Sebastian Dietzold
Institute for Medical Informatics,
Statistics and Epidemiology (IMISE)
University of Leipzig
Liebigstrasse 27
04103 Leipzig
Phone: +49 (0)341-9716114
Fax: +49 (0)341-9716130
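
Added example (not part of the original message and not OpenLDAP code): a Python model of the `$N` substitution for the two patterns in the message, listing the group DNs each rule resolves to for a given target DN. Assumptions: Python's `re` stands in for slapd's regex engine, DNs are already normalized and contain no escaped commas, and `expand`, `admin_groups` and `ancestor_admin_groups` are hypothetical helper names.

```python
import re

# Patterns and group templates copied from the message above.
THREE_LEVEL = r"^(dc=[^,]+,)?(dc=[^,]+,)?(dc=[^,]+)"
STAR = r"^(dc=[^,]+,)*(dc=[^,]+)"
ROLE = "cn=Domain Administrator,ou=Roles,"
THREE_LEVEL_TEMPLATES = [ROLE + "$3", ROLE + "$2$3", ROLE + "$1$2$3"]
STAR_TEMPLATES = [ROLE + "$1$2"]


def expand(template, match):
    """Replace $N with capture group N; a group that did not match expands to ''."""
    return re.sub(r"\$(\d)", lambda m: match.group(int(m.group(1))) or "", template)


def admin_groups(pattern, templates, dn):
    """Group DNs the 'by group' clauses resolve to when the rule is applied to dn."""
    match = re.search(pattern, dn)
    if match is None:
        return []  # the 'access to' clause does not select this entry
    return [expand(t, match) for t in templates]


def ancestor_admin_groups(dn):
    """Groups a fully recursive rule would have to name: one per dc suffix of dn."""
    parts = dn.split(",")  # assumption: no escaped commas in the normalized DN
    return [ROLE + ",".join(parts[i:]) for i in range(len(parts))]


if __name__ == "__main__":
    # Constructed sample DNs; the first is the one used in the message.
    for dn in ("dc=imise,dc=uni-leipzig,dc=de", "dc=a,dc=b,dc=c,dc=d"):
        print(dn)
        print("  three-level:", admin_groups(THREE_LEVEL, THREE_LEVEL_TEMPLATES, dn))
        # A repeated group keeps only its last iteration, so $1$2 names one group.
        print("  star:       ", admin_groups(STAR, STAR_TEMPLATES, dn))
        print("  wanted:     ", ancestor_admin_groups(dn))
```

In this model the three-level pattern, which has no trailing `$`, matches only the first three components of a four-level DN, so its templates expand to group DNs that are not suffixes of the entry; that is worth checking when auditing what such a rule actually grants.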
- References:
- Re: acl again
- From: Pierangelo Masarati <masarati@aero.polimi.it>