Re: Problem with ACL and regex
Hi Pierangelo,
that's it!!! Thank you so much... That's exactly what I tried to do the
last 2 days...
Michael
> Let me fix a couple of typos and add an extra rule
> to my previous message:
>
> # allow everybody to try to bind
> access to attrs=userPassword
>     by self write
>     by dn.exact="cn=admin,ou=user,dc=cw" write
>     by anonymous auth
>
> # give read access to one's entry to himself only
> access to dn.regex="^cn=([^,]+),ou=user,dc=cw$$"
>     by self read
>     by dn.exact="cn=admin,ou=user,dc=cw" write
>     by * none
>
> # allow one to create children of its own addressbook
> access to dn.regex="^ou=addressbook,cn=([^,]+),ou=user,dc=cw$$"
>     attrs=children
>     by dn.exact,expand="cn=$1,ou=user,dc=cw" write
>     by dn.exact="cn=admin,ou=user,dc=cw" write
>     by * none
>
> # allow no-one else read access to one's addressbook entry
> access to dn.regex="^ou=addressbook,cn=([^,]+),ou=user,dc=cw$$"
>     by dn.exact,expand="cn=$1,ou=user,dc=cw" read
>     by dn.exact="cn=admin,ou=user,dc=cw" write
>     by * none
>
> # allow one to create entries in its own addressbook;
> # no-one else can read it
> access to dn.regex="[^,]+,ou=addressbook,cn=([^,]+),ou=user,dc=cw$$"
>     attrs=entry,<list what attributes one needs to write>
>     by dn.exact,expand="cn=$1,ou=user,dc=cw" write
>     by dn.exact="cn=admin,ou=user,dc=cw" write
>     by * none
>
> # allow everybody to read everything else, including
> # the company-wide addressbook
> access to *
>     by dn.exact="cn=admin,ou=user,dc=cw" write
>     by users read
>     by * none
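
An added example, not part of the original thread and not OpenLDAP code: a simplified Python model of how the quoted rules resolve (first matching "access to" clause, then first matching "by" clause, with $1 expanded from the target DN), useful for checking that one user cannot reach another user's addressbook. Assumptions: the trailing `$$` is treated as an end-of-string anchor, the comma is present in the second rule, the attribute list `entry, cn, mail` stands in for the placeholder in the fifth rule, and the users alice and mallory are constructed.

```python
import re

ADMIN = "cn=admin,ou=user,dc=cw"
OWNER = "cn=$1,ou=user,dc=cw"          # "by dn.exact,expand=..." template

# (target DN regex, attrs or None for all attributes, [(who, level), ...])
ACLS = [
    (r".*", {"userpassword"},
     [("self", "write"), (ADMIN, "write"), ("anonymous", "auth")]),
    (r"^cn=([^,]+),ou=user,dc=cw$", None,
     [("self", "read"), (ADMIN, "write"), ("*", "none")]),
    (r"^ou=addressbook,cn=([^,]+),ou=user,dc=cw$", {"children"},
     [(OWNER, "write"), (ADMIN, "write"), ("*", "none")]),
    (r"^ou=addressbook,cn=([^,]+),ou=user,dc=cw$", None,
     [(OWNER, "read"), (ADMIN, "write"), ("*", "none")]),
    # Constructed attribute list replacing the placeholder in the message.
    (r"[^,]+,ou=addressbook,cn=([^,]+),ou=user,dc=cw$", {"entry", "cn", "mail"},
     [(OWNER, "write"), (ADMIN, "write"), ("*", "none")]),
    (r".*", None, [(ADMIN, "write"), ("users", "read"), ("*", "none")]),
]

def access(requester, target, attr):
    """Level granted to requester (None = anonymous) on target's attr."""
    requester = requester.lower() if requester else None
    target = target.lower()
    for pattern, attrs, clauses in ACLS:
        m = re.search(pattern, target)
        if not m or (attrs is not None and attr.lower() not in attrs):
            continue                    # clause does not cover this target
        for who, level in clauses:
            if m.groups():
                who = who.replace("$1", m.group(1))
            if (who == "*"
                    or (who == "self" and requester == target)
                    or (who == "users" and requester is not None)
                    or (who == "anonymous" and requester is None)
                    or who == requester):
                return level
        return "none"                   # implicit trailing "by * none"
    return "none"                       # implicit final "access to * by * none"

ALICE = "cn=alice,ou=user,dc=cw"
MALLORY = "cn=mallory,ou=user,dc=cw"
BOOK = "ou=addressbook," + ALICE
CONTACT = "cn=bob," + BOOK

if __name__ == "__main__":
    for who in (ALICE, MALLORY, ADMIN, None):
        print(who, "->", access(who, CONTACT, "cn"), access(who, BOOK, "entry"))
```
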