[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: About ACL

To: "ludovico.basili@poste.it" <ludovico.basili@poste.it>
Subject: Re: About ACL
From: "Pierangelo Masarati" <masarati@aero.polimi.it>
Date: Mon, 11 Feb 2002 09:48:45 +0000
Cc: "openldap-software" <openldap-software@OpenLDAP.org>
In-reply-to: <GRD1ED$I01xcOaMkA1Qeo6TE9XES8gKoXfUIkiAfNjNyu5tkBtxWJwlMJlpe@poste.it>
References: <GRD1ED$I01xcOaMkA1Qeo6TE9XES8gKoXfUIkiAfNjNyu5tkBtxWJwlMJlpe@poste.it>

ludovico.basili@poste.it writes:

Hello, I have already wroten a message, but I think I couldn't explain my problem clearly. I would like to define an ACL that permits to a user defined in a position in the tree to read only a subtree whose root position depends on the position of the user. For example, if the user is cn=foo,ou=People,o=XYZ he can read everywhere under ou=People,o=XYZ If the user is cn=me,ou=Something,ou=People,o=XYZ he can read everywhere under ou=Something,ou=People,o=XYZ The users are added/removed by my application at runtime, so I would like to have the privileges been assigned to new users without restarting slapd. Is it possible ?

try something like

access to dn=".+,ou=([^,]+),ou=People,o=XYZ" by dn="cn=[^,]+,ou=$1,ou=People,o=XYZ" read

Pierangelo.

Dr. Pierangelo Masarati | voice: +39 02 2399 8309 Dip. Ing. Aerospaziale | fax: +39 02 2399 8334 Politecnico di Milano | mailto:pierangelo.masarati@polimi.it via La Masa 34, 20156 Milano, Italy | http://www.aero.polimi.it/~masarati

Follow-Ups:
- RE: About ACL
  - From: "Howard Chu" <hyc@highlandsun.com>

References:
- About ACL
  - From: "ludovico.basili@poste.it"<ludovico.basili@poste.it>

Prev by Date: About ACL
Next by Date: sasl authentification
Index(es):
- Chronological
- Thread