Re: ldap ACLS with regex
Jeronimo Zucco wrote:
> Jeronimo Zucco wrote:
>> Hi list.
>>
>> I'm using OpenLDAP 2.3.35 for my mail user database, and I have this
>> structure:
>>
>> uid=user1,ou=People,dc=domain,dc=br
>>
>> ou=ImpPrefs,uid=user1,ou=People,dc=domain,dc=br
>>
>> cn=user1,ou=PersonalAddressBook,dc=domain,dc=br
>>
>>
>> I am trying to write ACLs that permit only "self" users to write to
>> their own ImpPrefs and PersonalAddressBook, without success.
>>
>> I did not find many examples of ACLs with regex; I tried:
>>
>>
>> access to dn="^.*,uid=([^,]+),(.*),ou=People,dc=domain,dc=br"
>>     by dn="uid=$1,$2,ou=People,dc=domain,dc=br" write
>>     by * none
>>
>>
>> but this gives me an error.
>>
>> Can somebody help me?
>>
> Answer to myself:
>
> access to dn.regex="^.*,uid=([^,]+),(.*),ou=People,dc=domain,dc=br$"
>     by dn.exact,expand="uid=$1,$2,ou=People,dc=domain,dc=br" write
>     by * none

What about

access to dn.regex="^.*,(uid=[^,]+,.+,ou=People,dc=domain,dc=br)$"
    by dn.exact,expand="$1" write

?

p.

Ing. Pierangelo Masarati
OpenLDAP Core Team
SysNet s.r.l.
via Dossi, 8 - 27100 Pavia - ITALIA
http://www.sys-net.it
---------------------------------------
Office: +39 02 23998309
Mobile: +39 333 4963172
Email: pierangelo.masarati@sys-net.it
---------------------------------------
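
An added example, not part of the original thread and not OpenLDAP code: a small Python check of how the two dn.regex rules above select a target DN and expand their submatches into the DN that gets write access. The sample DNs are constructed, ou=Staff is a hypothetical intermediate container, and Python's re module stands in for slapd's regex matching.

```python
import re

# (target pattern, "by" template) pairs copied from the two replies in the thread.
RULES = {
    "two_groups": (r"^.*,uid=([^,]+),(.*),ou=People,dc=domain,dc=br$",
                   "uid=$1,$2,ou=People,dc=domain,dc=br"),
    "one_group": (r"^.*,(uid=[^,]+,.+,ou=People,dc=domain,dc=br)$", "$1"),
}

# Constructed sample DNs. ou=Staff is a hypothetical intermediate container.
OWNER = "uid=user1,ou=Staff,ou=People,dc=domain,dc=br"
OTHER = "uid=user2,ou=Staff,ou=People,dc=domain,dc=br"
PREFS = "ou=ImpPrefs," + OWNER
FLAT_OWNER = "uid=user1,ou=People,dc=domain,dc=br"   # layout from the question
FLAT_PREFS = "ou=ImpPrefs," + FLAT_OWNER
CASES = [(PREFS, OWNER), (PREFS, OTHER), (OWNER, OWNER), (FLAT_PREFS, FLAT_OWNER)]


def expand(template, match):
    """Replace $1..$9 in a "by" template with the submatches of the target DN."""
    return re.sub(r"\$(\d)", lambda m: match.group(int(m.group(1))), template)


def access(rule, target_dn, bind_dn):
    """Return "write" or "none", or None when the rule does not select target_dn."""
    pattern, who = rule
    # Assumption: DNs compare case-insensitively, approximated with IGNORECASE/lower().
    match = re.match(pattern, target_dn, re.IGNORECASE)
    if match is None:
        return None                      # slapd would try the next "access to" rule
    if expand(who, match).lower() == bind_dn.lower():
        return "write"                   # by dn.exact,expand=... write
    return "none"                        # by * none


def evaluate():
    """Run every constructed case through both rules."""
    return {name: [access(rule, t, b) for t, b in CASES]
            for name, rule in RULES.items()}


if __name__ == "__main__":
    for name, results in evaluate().items():
        print(name, results)
```

Both rules give the same result on these cases: the owner gets write, another user gets none, and the user's own entry is not selected because the pattern requires a leading component. A subtree with no component between uid=... and ou=People is also not selected by either pattern, so it falls through to whatever rule comes next.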