[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: Problem with ACL and regex



Hi Pierangelo,

that´s it!!! Thank you so much... That´s exactly what I tried to do the
last 2 days...

Michael

> Let me fix a coupel of typos and add an extra rule
> to my previous message:
>
> # allow everybody to try to bind
> access to attrs=userPassword
>         by self write
>         by dn.exact="cn=admin,ou=user,dc=cw" write
>         by anonymous auth
>
> # give read access to one's entry to himself only
> access to dn.regex="^cn=([^,]+)ou=user,dc=cw$$"
>         by self read
>         by dn.exact="cn=admin,ou=user,dc=cw" write
>         by * none
>
> # allow one to create chidren of its own addressbook
> access to dn.regex="^ou=addressbook,cn=([^,]+),ou=user,dc=cw$$"
>                 attrs=children
>         by dn.exact,expand="cn=$1,ou=user,dc=cw" write
>         by dn.exact="cn=admin,ou=user,dc=cw" write
>         by * none
>
> # allow no-one else read access to one's addressbook entry
> access to dn.regex="^ou=addressbook,cn=([^,]+),ou=user,dc=cw$$"
>         by dn.exact,expand="cn=$1,ou=user,dc=cw" read
>         by dn.exact="cn=admin,ou=user,dc=cw" write
>         by * none
>
> # allow one to create entries in its own addressbook;
> # no-one else can read it
> access to dn.regex="[^,]+,ou=addressbook,cn=([^,]+),ou=user,dc=cw$$"
>                 attrs=entry,<list what attributes one needs to write>
>         by dn.exact,expand="cn=$1,ou=user,dc=cw" write
>         by dn.exact="cn=admin,ou=user,dc=cw" write
>         by * none
>
> # allow everybody to read everything else, including
> # the company-wide addressbook
> access to *
>         by dn.exact="cn=admin,ou=user,dc=cw" write
>         by users read
>         by * none