[Date Prev][Date Next]
[Chronological]
[Thread]
[Top]
Re: use of the domain acl control
At 09:33 AM 6/21/2006, Jeff Christensen wrote:
>read access to:
>cn=bob.cityxpress.com,ou=Hosts,dc=cityxpress,dc=com
>access to dn.regex="(.+),ou=Hosts,dc=cityxpress,dc=com"
> by domain.regex="$1" write
The (.+) will match more than the value of CN, and you
give write not read. Try:
access to dn.regex="cn=(.+),ou=Hosts,dc=cityxpress,dc=com"
by domain.regex="$1" read
Also note that 'domain' relies on reverse lookups being
enabled.
See slapd.access(5) and slapd.conf(5) for details.
-- Kurt