
Re: matching ou=(.*)=.. to dn=$1,ou=.. help



Quoting Harry Rüter <harry_rueter@gmx.de>:

| Hi,
| 
| tarjei@nu.no wrote:
| > 
| > Hi,
| > 
| > I'm implementing LDAP personal addressbooks for Turba/IMP, the first webmail
| > and addressbook system that I've seen that contains proper write support for
| > LDAP. I've come quite far (for those interested, I'll probably post a howto
| > soon).
| > 
| > But I've got one problem. Each user has his/her own ou. That is, I've got
| > something like:
| > 
| > ou=personal,dc=domain,dc=com
| >  \
| >    - ou=USERID,ou=personal,...
| >    - ou=USERID,ou=personal,...
| >    - ou=USERID,ou=personal,...
| > etc
| > now, I want to define an acl like this:
| > 
| > access to dn="ou=(.+),ou=personlige_adresser,o=nu,c=no"
| >         by dn="uid=$1,ou=Brukere,o=nu,c=no" write
| >         by * none
| > 
| > i.e. that only users can read and write to their addressbooks.
| > 
| > Now, can someone point out the obvious mistake I am making? I've spent an
| > hour searching the mailing list now, so please :)
| 
| Maybe this way (I'm not really sure):
| 
| access to dn="ou=(.+),ou=personlige_adresser,o=nu,c=no"
|        by dn="uid=$1,ou=personlige_adresser,o=nu,c=no" write
|        by * none
The above should work, if I'm understanding correctly, but why
so complicated for an addressbook? What is wrong with a general:
       by self write
       by * [write|read]

Unless this isn't true across the board.

I have used something like:
       access to dn=".*ou=([^,]+),o=mydomain.org"
          by dn="cn=Manager,ou=$1,o=mydomain.org" write
          by * [write|read]

but not for my addressbook.

ed

|  
| > Tarjei
| 
| Greets Harry 
| > -------------------------------------------------
| > This mail sent through IMP: http://horde.org/imp/


-- 


-------------------------------------------------------------
 http://insourcery.com - Mergence of Business and Technology  
          a "Griffin Plaza Partners, LLC" Company
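As an added illustration (not code from this thread or from slapd itself), a small Python model of how the `$1` group captured by the `access to dn=` regex is substituted into the `by dn=` clause of the poster's ACL. The DNs and ACL strings are the ones from the post; the helper names, the sample entries, and the tightened `[^,]+`/anchored variant are my own, and the model also checks the nested-ou and unanchored-match cases where the greedy `(.+)` pattern misbehaves.

```python
import re

# Constructed model of slapd's regex-group expansion in access control: the
# "access to dn=<regex>" target is searched (unanchored, like regexec) and the
# $N placeholders in the "by dn=..." clause are replaced with the groups.
# Simplifications: DNs are compared after case folding only, and no other ACL
# semantics (line ordering, "by self", attribute-level rules) are modelled.

SUFFIX = "ou=personlige_adresser,o=nu,c=no"   # container from the post
USERS = "ou=Brukere,o=nu,c=no"                # user tree from the post

def expand(template, match):
    """Replace $0..$9 in a by-clause template with the matched regex groups."""
    return re.sub(r"\$(\d)", lambda m: match.group(int(m.group(1))) or "", template)

def write_allowed(target_dn, bind_dn, target_regex, by_template):
    """True if bind_dn would get 'write' on target_dn under this one ACL line."""
    m = re.search(target_regex, target_dn.lower())
    if m is None:
        return False                      # this ACL line does not apply to the entry
    return expand(by_template, m).lower() == bind_dn.lower()

# The poster's ACL as written: "(.+)" is greedy and the regex is unanchored.
POSTED = (f"ou=(.+),{SUFFIX}", f"uid=$1,{USERS}")
# Tightened variant (assumed, not from the thread): anchored, one RDN value per
# group, and an optional leading "(.+,)?" so entries below the user's ou match.
TIGHT = (rf"^(.+,)?ou=([^,]+),{SUFFIX}$", f"uid=$2,{USERS}")

# Constructed sample DNs.
ALICE, BOB = f"uid=alice,{USERS}", f"uid=bob,{USERS}"
OWN = f"ou=alice,{SUFFIX}"                          # alice's own addressbook ou
NESTED = f"cn=carol,ou=friends,ou=alice,{SUFFIX}"   # entry under a sub-ou of alice
SIBLING = f"fou=alice,{SUFFIX}"                      # unrelated entry containing "ou=alice"

if __name__ == "__main__":
    for name, acl in (("posted", POSTED), ("tight", TIGHT)):
        print(name,
              "alice/own:", write_allowed(OWN, ALICE, *acl),
              "bob/own:", write_allowed(OWN, BOB, *acl),
              "alice/nested:", write_allowed(NESTED, ALICE, *acl),
              "alice/sibling:", write_allowed(SIBLING, ALICE, *acl))
```

With the posted pattern, the greedy group swallows `friends,ou=alice` for the nested entry (so nobody matches the expanded by-clause) and the unanchored search lets a sibling entry whose DN merely contains `ou=alice,...` match alice; the anchored `[^,]+` form gives the intended result in both cases. In OpenLDAP 2.1 and later the same rule is written with `dn.regex=` on the target and `dn.exact,expand=` on the by-clause.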