Re: Access control question



Thanks for your help. Finally I got an ACL like this:

access to dn="cn=[^,]+,ou=([^,]+),dc=com"
 by dn="ou=$1,dc=com" write
 by dn="cn=*,ou=$1,dc=com" read
 by * none

access to *
    by self write
    by * none

My tree is like this:
dc=root
        ------ ou=a
                    -----cn=1
                    -----cn=2
        -------ou=b
                    -----cn=1
                    -----cn=2
The ACL has achieved these effects:
1. Every node can write itself.
2. A DN like cn=1,ou=a,dc=com can read other DNs on the same level in the same group.
3. A DN like cn=1,ou=a,dc=com can be written by its parent node.

But I have a question:
    Why can cn=1,ou=a,dc=com write cn=2,ou=a,dc=com?

Maybe I don't understand "$1". What does it represent?


Best regards,

sheujun
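
Added example (not part of the original message, and not OpenLDAP code): a small Python model of how the first rule above is evaluated for the DNs in the post. It assumes that slapd replaces $1 with the text captured by the first parenthesised group of the target DN pattern, checks the "by" clauses in order and stops at the first match, and treats each dn pattern as an unanchored regular expression; Python's re.search stands in for that matching, and the ANCHORED list is a hypothetical variant written in Python regex syntax.

```python
import re

# Constructed model of the ACL in the post; Python regexes stand in for slapd's.
TARGET = r"cn=[^,]+,ou=([^,]+),dc=com"
POSTED = [                       # "by" clauses in the order they were written
    (r"ou=$1,dc=com", "write"),
    (r"cn=*,ou=$1,dc=com", "read"),
    (r".*", "none"),             # stands for "by * none"
]
ANCHORED = [                     # hypothetical variant: pattern must cover the whole DN
    (r"^ou=$1,dc=com$", "write"),
    (r"^cn=[^,]+,ou=$1,dc=com$", "read"),   # cn=[^,]+ instead of cn=*
    (r".*", "none"),
]

def expand(pattern, target_match):
    """Replace $1..$9 with the text captured from the target DN."""
    return re.sub(r"\$(\d)", lambda m: target_match.group(int(m.group(1))), pattern)

def access(requester, target, by_clauses=POSTED):
    """Return the level granted by the first "by" clause that matches the requester."""
    target_match = re.search(TARGET, target)
    if target_match is None:
        return None              # this rule does not cover the entry
    for who, level in by_clauses:
        # re.search finds a match anywhere in the string (assumed slapd behaviour),
        # so "ou=a,dc=com" is also found inside "cn=1,ou=a,dc=com".
        if re.search(expand(who, target_match), requester):
            return level
    return "none"

if __name__ == "__main__":
    for name, clauses in (("posted", POSTED), ("anchored", ANCHORED)):
        for who in ("ou=a,dc=com", "cn=1,ou=a,dc=com", "cn=1,ou=b,dc=com"):
            print(name, who, "->", access(who, "cn=2,ou=a,dc=com", clauses))
```

Under these assumptions the posted rule gives cn=1,ou=a,dc=com write access through its first clause, and the "cn=*" clause is never reached; as a regular expression it would not match that DN anyway.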