Re: matching ou=(.*)=.. to dn=$1,ou=.. help
Quoting Harry Rüter <harry_rueter@gmx.de>:
| Hi;
|
| tarjei@nu.no wrote:
| >
| > Hi,
| >
| > I'm implementing LDAP personal addressbooks for Turba/IMP, the first webmail
| > and addressbook system that I've seen that contains proper write support for
| > LDAP. I've come quite far. (For those interested, I'll probably post a howto
| > soon.)
| >
| > But, I got one problem. Each user has his/her own ou. That is, I got
| > something like:
| >
| > ou=personal,dc=domain,dc=com
| > \
| > - ou=USERID,ou=personal,...
| > - ou=USERID,ou=personal,...
| > - ou=USERID,ou=personal,...
| > etc
| > now, I want to define an acl like this:
| >
| > access to dn="ou=(.+),ou=personlige_adresser,o=nu,c=no"
| > by dn="uid=$1,ou=Brukere,o=nu,c=no" write
| > by * none
| >
| > i.e. that only users can read and write to their adressbooks.
| >
| > Now, can someone point out the obvious mistake I am making? I've spent an
| > hour searching the mailing list now, so please :)
|
| Maybe this way (I'm not really sure):
|
| access to dn="ou=(.+),ou=personlige_adresser,o=nu,c=no"
| by dn="uid=$1,ou=personlige_adresser,o=nu,c=no" write
| by * none
The above should work, if I'm understanding correctly, but why
so complicated for an addressbook? What is wrong with a general:
by self write
by * [write|read]
Unless this isn't true across the board.
I have used something like:
access to dn=".*ou=([^,]+),o=mydomain.org"
by dn="Manager",ou=$1,o=mydomain.org write
by * [write|read]
but not for my addressbook.
ed
|
| > Tarjei
|
| Greets Harry
--
-------------------------------------------------------------
http://insourcery.com - Mergence of Business and Technology
a "Griffin Plaza Partners, LLC" Company
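To make the difference between the two rule shapes in this thread concrete, here is an added example (not code from the thread or from slapd) that evaluates a regex `access to dn=... by dn=...` rule the way the posts expect: the target regex is matched against the whole entry DN, `$1` in the by-clause is replaced by the first capture group, and by-clauses are tried in order with the first match winning. The sample DNs are constructed; the whole-DN anchoring is an assumption.

```python
import re

# Constructed sample entries (not from the thread): a per-user addressbook ou
# and one contact stored inside it.
USER_OU = "ou=bob,ou=personlige_adresser,o=nu,c=no"
CONTACT = "cn=Alice Example,ou=bob,ou=personlige_adresser,o=nu,c=no"

# Tarjei's target: matches only the per-user ou entry itself.
TARJEI_TARGET = r"ou=(.+),ou=personlige_adresser,o=nu,c=no"
# Ed-style target: the leading .* also covers entries beneath each user's ou,
# and [^,]+ keeps the capture to a single RDN value (it cannot span commas).
CHILD_TARGET = r".*ou=([^,]+),ou=personlige_adresser,o=nu,c=no"

# Ordered by-clauses: (who, level). "*" is the catch-all, as in slapd.
BY_CLAUSES = [("uid=$1,ou=Brukere,o=nu,c=no", "write"), ("*", "none")]


def decide(target_regex, by_clauses, entry_dn, bind_dn):
    """Return the level the rule grants bind_dn on entry_dn, or None if the
    rule's target does not match the entry at all (slapd would then go on
    to the next access directive, or deny by default)."""
    # Assumption: the regex must match the whole DN (anchored at both ends).
    m = re.fullmatch(target_regex, entry_dn)
    if not m:
        return None
    for who, level in by_clauses:
        if who == "*" or who.replace("$1", m.group(1)) == bind_dn:
            return level
    return "none"


if __name__ == "__main__":
    bob = "uid=bob,ou=Brukere,o=nu,c=no"
    eve = "uid=eve,ou=Brukere,o=nu,c=no"
    for name, target in (("tarjei", TARJEI_TARGET), ("child", CHILD_TARGET)):
        for dn in (USER_OU, CONTACT):
            for who in (bob, eve):
                print(name, dn, who, "->", decide(target, BY_CLAUSES, dn, who))
```

Run it and note that Tarjei's target grants bob write on his ou entry but does not apply to the contact beneath it, while the `.*`-prefixed target covers both and still denies eve.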