[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: use of the domain acl control



At 09:33 AM 6/21/2006, Jeff Christensen wrote:
>read access to:
>cn=bob.cityxpress.com,ou=Hosts,dc=cityxpress,dc=com
>access to dn.regex="(.+),ou=Hosts,dc=cityxpress,dc=com"
>        by domain.regex="$1" write

The (.+) will match more than the value of CN, and you
give write not read.  Try:
  access to dn.regex="cn=(.+),ou=Hosts,dc=cityxpress,dc=com"
        by domain.regex="$1" read

Also note that 'domain' relies on reverse lookups being
enabled.

See slapd.access(5) and slapd.conf(5) for details.

-- Kurt