[Date Prev][Date Next]
[Chronological]
[Thread]
[Top]
Re: ACLs, groups, and regular expressions... oh my
I've already tried that and it didn't work. And as I added in a followup,
this acl worked fine if I specify the domain. The regular expression is
just not being matched for some reason.
Any other ideas?
pwilson
> Hi,
>
> "Paul Wilson" <elviscious@rmci.net> writes:
>
>> I have been trying to formulate an acl that will allow read access to
>> the ldap server, if they are a member of any of the groups.
>>
>> Here is the acl I came up with:
>>
>> access to *
>> by group="cn=(.*),dc=example,dc=com read
>> by anonymous bind
>> by * none
>
>> Now as I see it anybody that is a member of any group there should get
>> read access to the box. However, that of course, is not happening.
>
> No, you don't have a group entry. Better use the dn.subtree
> statement. See man (5) slapd.access
>
> -Dieter
> --
> Dieter Kluenter | Systemberatung
> Tel:040.64861967 | Fax: 040.64891521
> mailto: dkluenter@schevolution.com
> http://www.schevolution.com/tour