[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: group.regex

To: "Matt M." <lmatt@ironblue.com>, openldap-software@OpenLDAP.org
Subject: Re: group.regex
From: Ace Suares <ace@suares.nl>
Date: Sun, 18 Apr 2004 22:04:20 -0400
Content-description: clearsigned data
Content-disposition: inline
In-reply-to: <40832141.3020701@ironblue.com>
Organization: Ace Suares' Internet Consultancy
References: <40832141.3020701@ironblue.com>
User-agent: KMail/1.5.1

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1


You;ll find the answer here:

	http://www.openldap.org/lists/openldap-bugs/200310/msg00089.html

and here:

	http://www.openldap.org/lists/openldap-software/200310/msg00328.html

greetings,


_+Ace



> Hi all,
>
> I am just beginning to learn the syntax for access control with slapd.
> My question pertains to group regex's. The administrators manual and the
> slapd.access man page leave me a little confused.
>
> Quote from the slapd.access man page:
> ------------------------------------------------------------------------
> The statement dn=<pattern> means that access is granted to the matching
> DN.  The optional style qualifier dnstyle allows the  same  choices  of
> the  dn	form of the <what> field.  In addition, the regex form of
> pattern can exploit substring substitution of  submatches  in  the
> <what> dn.regex  clause  by using the form $<digit>, with digit ranging
> from 1 to 9.
> ------------------------------------------------------------------------
>
> Do the submatches work for groups also. For instance, take the following:
>
> -------------------------------------------------------------
> access to dn="cn=(.+),dc=example,dc=com"
> by group.regex="cn=$1,cn=test,dc=example,dc=com" write
> by * read
>
> access to * by * read
> -------------------------------------------------------------
>
> If they do indeed work for group.regex, then I would expect that access
> to an entry "cn=penguin,dc=example,dc=com" would be writable by the
> group "cn=penguin,cn=test,dc=example,dc=com" right?
>
> I tried this and it didn't work. I get insuficient rights errors when
> attempting to add an entry. Any help understanding this is appreciated.
> I'm running openldap-2.1.21 on Linux(Fedora Core 1).
>
> Also, does anyone know of a good book that covers access control in
> detail, or maybe links to some good tutorials or articles.
>
> Thanks,
>
> --
> Matt M.

- -- 
Ace Suares' Internet Consultancy
NIEUW ADRES: Postbus 2599, 4800 CN Breda
telefoon: 06-244 33 608
fax en voicemail: 0848-707 705
website: http://www.suares.nl * http://www.qwikzite.nl
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.2-rc1-SuSE (GNU/Linux)

iD8DBQFAgzOmy7boE8xtIjURAiL0AJ4hRIRcoi6328l+CX8hvVVV3WxeLACfb9Q5
Bit5JHwaBDumGz0Mm3elQGA=
=1y2Z
-----END PGP SIGNATURE-----

Follow-Ups:
- Re: group.regex
  - From: Piotr Wadas <pwadas@jewish.org.pl>
- Re: group.regex
  - From: "Matt M." <lmatt@ironblue.com>

References:
- group.regex
  - From: "Matt M." <lmatt@ironblue.com>

Prev by Date: group.regex
Next by Date: Re: group.regex
Index(es):
- Chronological
- Thread