Re: regex in group ACL
François Beretti wrote:
Hello
One of my access control commands in slapd.conf does not work. I would
like to know why.
Here it is:

    access to filter="(objectClass=enatelSSOStorage)" dn.regex="*"
        attrs="entry"
        by group/enatelSSOAccountDelegation/enatelUserEntityObject.regex="cn=test1,cn=test2,$1" read

Assuming you're using OpenLDAP 2.2, "group.regex" is no longer supported
(as it was doing something completely different from regexec'ing). See
slapd.access(5) for details (and a replacement of what you intend it to do).
Note that even the dn.regex="*" doesn't look so correct to me; I'd
rather use dn.regex=".*".
Finally, in case of match, you should rather use "$0", because "$1"
refers to the first submatch (i.e. enclosed between brackets), and you
don't use any brackets in the dn regex.
So your rule should rather look like

    access to filter="(objectClass=enatelSSOStorage)" dn.regex=".*"
        attrs="entry"
        by group/enatelSSOAccountDelegation/enatelUserEntityObject.expand="cn=test1,cn=test2,$0" read

p.
SysNet - via Dossi,8 27100 Pavia Tel: +390382573859 Fax: +390382476497
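
Added example, not part of the original post and not OpenLDAP code: a small check that flags an expand template referencing a submatch the dn.regex never defines, which is the "$1" versus "$0" problem discussed above. The function names check_rule and expand are hypothetical, Python's re module stands in for slapd's regex engine, a submatch that did not take part in the match is expanded to an empty string by this example's own choice, and the sample DNs are constructed.

```python
import re

# $0..$9 submatch references, as used in the rules quoted above
REF = re.compile(r"\$(\d)")


def check_rule(dn_regex, template):
    """Return a list of problems for a dn.regex / expand pair (empty = OK)."""
    try:
        # Assumption: Python's re is only a stand-in for slapd's regex engine.
        groups = re.compile(dn_regex).groups
    except re.error as exc:
        return [f"dn.regex {dn_regex!r} does not compile: {exc}"]
    problems = []
    for n in sorted({int(m.group(1)) for m in REF.finditer(template)}):
        # $0 is the whole match and always exists; $N needs N bracketed groups.
        if n > groups:
            problems.append(
                f"${n} used but dn.regex has {groups} submatch group(s)")
    return problems


def expand(dn_regex, template, target_dn):
    """Expand the template for target_dn; None if flagged or no match."""
    if check_rule(dn_regex, template):
        return None
    m = re.search(dn_regex, target_dn)
    if m is None:
        return None
    # Example's choice: a group that did not participate expands to "".
    return REF.sub(lambda r: m.group(int(r.group(1))) or "", template)


if __name__ == "__main__":
    dn = "cn=store,ou=sso,dc=example,dc=com"      # constructed sample DN
    for rx, tpl in [
        ("*", "cn=test1,cn=test2,$1"),            # rule as first posted
        (".*", "cn=test1,cn=test2,$1"),           # regex fixed, $1 undefined
        (".*", "cn=test1,cn=test2,$0"),           # rule as corrected above
        ("^[^,]+,(.+)$", "cn=test1,cn=test2,$1"), # $1 backed by a real group
    ]:
        print(rx, tpl, check_rule(rx, tpl) or expand(rx, tpl, dn))
```

With the corrected rule, "$0" expands to the whole target DN; "$1" only becomes meaningful once the dn.regex contains a bracketed group, as in the last sample.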