Re: LDAP Access Control
Hi Daniel Tiefnig,
> I don't think so either. Taking the Example, the above rule will just
> give access to
> dn=".*,cn=Torgeir,ou=people,ou=groups,dc=billy,dc=demon,dc=nl"
> which does _not_ include
> dn="cn=Torgeir,ou=people,ou=groups,dc=billy,dc=demon,dc=nl"
Agreed.
> Correctly, the ACL could be written as
>
> access to
> dn=".*cn=([^,]+),ou=people,ou=groups,dc=billy,dc=demon,dc=nl"
> by dn="cn=$1,ou=people,ou=groups,dc=billy,dc=demon,dc=nl" write
Almost -- you don't want qqqcn=... to match at the start.
If anything comes before cn=... it should end in a comma, making it
dn="(.*,)?cn=..."
by dn="cn=$2,ou=..." write
I didn't know we could do $1 and $2 stuff in LDAP. Pretty cool.
-Rick van Rein
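
The two rules from this thread, checked against sample DNs, as an added example that is not part of the original message. Assumptions: Python's `re` stands in for slapd's regex engine, the pattern is taken to cover the whole target DN as the thread reasons (`whole_dn=True`), and the `CHILD` and `LOOKALIKE` entries are constructed. The final two calls show that under substring-search semantics the second rule only rejects the lookalike once `^` and `$` are added.

```python
import re

SUFFIX = "ou=people,ou=groups,dc=billy,dc=demon,dc=nl"

# (what-pattern, by-template) pairs taken from the thread
QUOTED_RULE = (r".*cn=([^,]+)," + SUFFIX, "cn=$1," + SUFFIX)
REPLY_RULE = (r"(.*,)?cn=([^,]+)," + SUFFIX, "cn=$2," + SUFFIX)


def expand(template, match):
    """Replace $1..$9 in the by-clause with the captured groups."""
    return re.sub(r"\$(\d)", lambda m: match.group(int(m.group(1))) or "", template)


def grants_write(rule, target_dn, bind_dn, whole_dn=True):
    """True if `rule` lets bind_dn write to target_dn.

    whole_dn=True  : pattern must cover the entire target DN (assumption).
    whole_dn=False : substring search, as an unanchored regex engine would do.
    """
    pattern, template = rule
    matcher = re.fullmatch if whole_dn else re.search
    m = matcher(pattern, target_dn)
    # Plain string comparison; real DN matching is normalised and case-insensitive.
    return m is not None and expand(template, m) == bind_dn


TORGEIR = "cn=Torgeir," + SUFFIX
CHILD = "mail=home," + TORGEIR   # constructed entry below Torgeir
LOOKALIKE = "qqq" + TORGEIR      # constructed: RDN attribute 'qqqcn', not a child


def report():
    """One (rule, target, granted) row per rule and sample DN."""
    rows = []
    for name, rule in (("quoted", QUOTED_RULE), ("reply", REPLY_RULE)):
        for label, dn in (("self", TORGEIR), ("child", CHILD), ("lookalike", LOOKALIKE)):
            rows.append((name, label, grants_write(rule, dn, TORGEIR)))
    return rows


if __name__ == "__main__":
    for row in report():
        print(*row)
    # Under substring search the reply's pattern needs explicit ^ and $.
    print(grants_write(REPLY_RULE, LOOKALIKE, TORGEIR, whole_dn=False))
    anchored = ("^" + REPLY_RULE[0] + "$", REPLY_RULE[1])
    print(grants_write(anchored, LOOKALIKE, TORGEIR, whole_dn=False))
```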