Re: About ACL
ludovico.basili@poste.it writes:
Hello,
I have already written a message, but I think I couldn't
explain my problem clearly.
I would like to define an ACL that permits a user
defined at a position in the tree to read only a subtree
whose root position depends on the position of the user.
For example, if the user is
cn=foo,ou=People,o=XYZ
he can read everywhere under
ou=People,o=XYZ
If the user is
cn=me,ou=Something,ou=People,o=XYZ
he can read everywhere under
ou=Something,ou=People,o=XYZ
The users are added/removed by my application at runtime,
so I would like to have the privileges assigned to new
users without restarting slapd. Is it possible?
try something like
access to dn=".+,ou=([^,]+),ou=People,o=XYZ"
        by dn="cn=[^,]+,ou=$1,ou=People,o=XYZ" read
Pierangelo.
Dr. Pierangelo Masarati | voice: +39 02 2399 8309
Dip. Ing. Aerospaziale | fax: +39 02 2399 8334
Politecnico di Milano | mailto:pierangelo.masarati@polimi.it
via La Masa 34, 20156 Milano, Italy | http://www.aero.polimi.it/~masarati
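
Added example, not part of the original message or of OpenLDAP: a small Python model of how the suggested rule pairs an entry DN with a bound DN through the $1 back-reference, run over constructed DNs. It assumes the regex match is an unanchored search and that the captured text is substituted as-is; rule_grants_read, the anchored variant and the "o=XYZ-test" DN are hypothetical names and values made up for the illustration.

```python
import re

# The rule from the reply: target (entry) regex and subject (bound DN) template.
WHAT = r".+,ou=([^,]+),ou=People,o=XYZ"
WHO = r"cn=[^,]+,ou=$1,ou=People,o=XYZ"
# Anchored variant: an assumption of this example, not taken from the thread.
WHAT_ANCHORED, WHO_ANCHORED = "^" + WHAT + "$", "^" + WHO + "$"


def expand(template, target_match):
    """Replace $N in the subject template with group N of the target match."""
    # Model assumption: the captured text is inserted as-is, unescaped.
    return re.sub(r"\$(\d)", lambda m: target_match.group(int(m.group(1))), template)


def rule_grants_read(bound_dn, entry_dn, what=WHAT, who=WHO):
    """True if this one rule, taken alone, gives bound_dn read on entry_dn."""
    target = re.search(what, entry_dn)  # unanchored, like a plain regex search
    if target is None:
        return False  # rule does not apply to this entry
    return re.search(expand(who, target), bound_dn) is not None


ME = "cn=me,ou=Something,ou=People,o=XYZ"
FOO = "cn=foo,ou=People,o=XYZ"
# Constructed sample pairs: (bound DN, entry DN).
CASES = [
    (ME, "cn=x,ou=Something,ou=People,o=XYZ"),         # same ou: granted
    (ME, "cn=a,ou=Sub,ou=Something,ou=People,o=XYZ"),  # deeper entry: granted
    (ME, "cn=y,ou=Other,ou=People,o=XYZ"),             # other ou: not granted
    (ME, "ou=Something,ou=People,o=XYZ"),              # subtree root: not matched
    (FOO, "cn=bar,ou=People,o=XYZ"),                   # user directly under People
    (ME + "-test", "cn=x,ou=Something,ou=People,o=XYZ"),  # suffix look-alike
]

if __name__ == "__main__":
    for bound, entry in CASES:
        loose = rule_grants_read(bound, entry)
        strict = rule_grants_read(bound, entry, WHAT_ANCHORED, WHO_ANCHORED)
        print(f"{bound!s:45} -> {entry!s:45} unanchored={loose} anchored={strict}")
```

In this model the rule covers users one level below ou=People; a user directly under ou=People and the ou=Something entry itself are not matched by it, and the look-alike suffix is accepted only by the unanchored patterns.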