[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: LDAP Access Control

To: openldap-software@OpenLDAP.org
Subject: Re: LDAP Access Control
From: "Ace Suares" <ace@suares.com>
Date: Wed, 18 Sep 2002 08:19:26 -0400
Content-description: Mail message body
In-reply-to: <1032341815.1888.50.camel@billy.demon.nl>
References: <3D879672.7593.216E42@localhost>

Hi,

As said earlier, I am one of the many newbies.

And I would be surprised if 
> 
> cn=App1,cn=Torgeir,ou=people,ou=groups,dc=billy,dc=demon,dc=nl
> 
> access to dn=".*,cn=(.*),ou=people,ou=groups,dc=billy,dc=demon,dc=nl"
>         attrs=entry,children
>         by anonymous auth
>         by dn="cn=Admin,dc=billy,dc=demon,dc=nl" write
>         by dn="cn=$1,ou=people,ou=groups,dc=billy,dc=demon,dc=nl" write
> 
> #

would allow cn=(.*),ou=people,ou=groups,dc=billy,dc=demon,dc=nl
to be managed with this rule !

Isn't that what was requested ? That the user can modify it's own 
entry AND it's children ?

The regex u are using, will never match
cn=Billy Da Kat,ou=people,ou=groups,dc=billy,dc=demon,dc=nl
as far as I understand it.

I just want to clarify this, can you confirm ?
Thanks,
ace

Follow-Ups:
- Re: LDAP Access Control
  - From: Tony Earnshaw <tonni@billy.demon.nl>

References:
- Re: LDAP Access Control
  - From: "Ace Suares" <ace@suares.com>
- Re: LDAP Access Control
  - From: Tony Earnshaw <tonni@billy.demon.nl>

Prev by Date: Re: back-sql
Next by Date: RE: Write-intensive LDAP
Index(es):
- Chronological
- Thread