[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: "inverse" ACL

To: Norbert Klasen <norbert.klasen@daasi.de>
Subject: Re: "inverse" ACL
From: "Pierangelo Masarati" <masarati@aero.polimi.it>
Date: Sat, 30 Mar 2002 11:52:23 +0000
Cc: OpenLDAP-software@OpenLDAP.org

Hi, is there an efficent way to do

access by group/organizationalRole/roleOccupant="cn=ds-manager,(.*)$" to dn.sub="$1" write

with OpenLDAP ACLs?

I'm afraid there's nothing like what you need; you may try to do something this way:

access to dn.regex=".*(cn=.+)$" by group/organizationalRole/roleOccupant.regex="cn=ds-manager,$1" read # ...

maybe in an incremental form:

access to dn.regex=".*([^,]+),dc=example,dc=com" by group/organizationalRole/roleOccupant.regex="cn=ds-manager,$1,dc=example,dc= com" read

access to dn.regex=".*([^,]+,[^,]+),dc=example,dc=com" by group/organizationalRole/roleOccupant.regex="cn=ds-manager,$1,dc=example,dc= com" read

access to dn.regex=".*([^,]+,[^,]+,[^,]+),dc=example,dc=com" by group/organizationalRole/roleOccupant.regex="cn=ds-manager,$1,dc=example,dc= com" read

access to dn.regex=".*([^,]+,[^,]+,[^,]+,[^,]+),dc=example,dc=com" by group/organizationalRole/roleOccupant.regex="cn=ds-manager,$1,dc=example,dc= com" read

with the required depth ...

Pierangelo.

Dr. Pierangelo Masarati               | voice: +39 02 2399 8309
Dip. Ing. Aerospaziale                | fax:   +39 02 2399 8334
Politecnico di Milano                 | mailto:pierangelo.masarati@polimi.it
via La Masa 34, 20156 Milano, Italy   | http://www.aero.polimi.it/~masarati

Follow-Ups:
- Re: "inverse" ACL
  - From: "Pierangelo Masarati" <masarati@aero.polimi.it>

Prev by Date: How can i make openldap know where GNU regex library is?
Next by Date: Re: UniversityPerson schema
Index(es):
- Chronological
- Thread