
Re: ldap ACLS with regex



Jeronimo Zucco wrote:
> Jeronimo Zucco wrote:
>>    Hi list.
>>
>>    I'm using OpenLDAP 2.3.35 for my mail user database, and I have this
>> structure:
>>
>> uid=user1,ou=People,dc=domain,dc=br
>>
>> ou=ImpPrefs,uid=user1,ou=People,dc=domain,dc=br
>>
>> cn=user1,ou=PersonalAddressBook,dc=domain,dc=br
>>
>>
>> I tried to make ACLs that permit just "self" users to write in their
>> own ImpPrefs and PersonalAddressBook, without success.
>>
>> I did not find many examples of ACLs with regex. I tried:
>>
>>
>> access  to dn="^.*,uid=([^,]+),(.*),ou=People,dc=domain,dc=br"
>>        by dn="uid=$1,$2,ou=People,dc=domain,dc=br"        write
>>        by *                                            none
>>
>>
>> but this gives me an error.
>>
>> Can somebody help me?
>>
> Answer to myself:
> 
> access  to dn.regex="^.*,uid=([^,]+),(.*),ou=People,dc=domain,dc=br$"
>        by dn.exact,expand="uid=$1,$2,ou=People,dc=domain,dc=br"   write
>        by *                                            none

What about

access to dn.regex="^.*,(uid=[^,]+,.+,ou=People,dc=domain,dc=br)$"
        by dn.exact,expand="$1" write

?  p.



Ing. Pierangelo Masarati
OpenLDAP Core Team

SysNet s.r.l.
via Dossi, 8 - 27100 Pavia - ITALIA
http://www.sys-net.it
---------------------------------------
Office:  +39 02 23998309
Mobile:  +39 333 4963172
Email:   pierangelo.masarati@sys-net.it
---------------------------------------
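
Added example (not part of the original messages and not OpenLDAP code): a Python approximation of how the dn.regex <what> clause and the dn.exact,expand <who> clause in the two rules above pair up, useful for checking which target DNs a rule covers before loading it into slapd. Assumptions: Python's re stands in for slapd's POSIX regex, matching is treated as case-insensitive, and the ou=Staff container and the function names are constructed for illustration.

```python
import re

# (<what> regex, <who> template) pairs copied from the thread.
SELF_ANSWER = (r"^.*,uid=([^,]+),(.*),ou=People,dc=domain,dc=br$",
               "uid=$1,$2,ou=People,dc=domain,dc=br")
SUGGESTED = (r"^.*,(uid=[^,]+,.+,ou=People,dc=domain,dc=br)$", "$1")


def expand(template, match):
    """Substitute $0..$9 in a <who> template with the regex captures."""
    return re.sub(r"\$(\d)", lambda m: match.group(int(m.group(1))), template)


def writer_for(rule, target_dn):
    """Return the DN that would get write access to target_dn,
    or None when the <what> regex does not match (rule not applied)."""
    pattern, who = rule
    # Assumption: case-insensitive comparison, as is usual for DNs.
    m = re.match(pattern, target_dn, re.IGNORECASE)
    return expand(who, m) if m else None


# DNs from the thread, plus constructed ones with a hypothetical
# ou=Staff container between the user entry and ou=People.
SAMPLE_TARGETS = [
    "ou=ImpPrefs,uid=user1,ou=People,dc=domain,dc=br",
    "cn=user1,ou=PersonalAddressBook,dc=domain,dc=br",
    "ou=ImpPrefs,uid=user1,ou=Staff,ou=People,dc=domain,dc=br",
    "uid=user1,ou=Staff,ou=People,dc=domain,dc=br",
]


def coverage(rule, targets=SAMPLE_TARGETS):
    """Map each target DN to the DN granted write by the rule (or None)."""
    return {dn: writer_for(rule, dn) for dn in targets}


if __name__ == "__main__":
    for name, rule in (("self-answer", SELF_ANSWER), ("suggested", SUGGESTED)):
        print(name)
        for dn, who in coverage(rule).items():
            print(f"  {dn}\n    -> write by: {who}")
```

Both patterns require at least one RDN between the uid=... component and ou=People, and at least one RDN in front of uid=..., so only the third sample DN is covered; the other three fall through to whatever rules follow.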