[Date Prev][Date Next]
[Chronological]
[Thread]
[Top]
dnattr access rule
Hi,
I need to grant access to an entry (and its children) to another entry
of my ldap that is listed in a specific attribute.
I have:
cn=foo,ou=people,dc=domain,dc=tld
This entry has a seeAlso attribute, which contains the DN of a user able
to modify it.
seeAlso: uid=bar,ou=users,dc=domain,dc=tld
I want to make uid=bar,ou=users able to modify cn=foo,ou=people and able
to add children to it. The following access rule doesn't seem to be right:
access to dn="^.*cn=([^,]+),ou=people,dc=domain,dc=tld$"
by dnattr=seeAlso write
by * none
Can you give me help for this please? Thanks for feedback.
--
--dju`