Re: ACL problem in OpenLDAP
JOYDEEP writes:
> access to
> dn.regex="cn=([^,]+),ou=personal,ou=contacts,ou=contacts,virtualDomain=([^,]+),dc=suse,dc=ldap$"
This matches a DN whose RDN is a 'cn', immediately below ou=personal,
but not subtrees below ou=personal nor RDNs that are not 'cn's. Is that
intentional?
> by dn.regex="uid=([^,]+),ou=users,virtualDomain=$2,dc=suse,dc=ldap" read
Try by dn.expand="uid=$1,ou=users,virtualDomain=$2,dc=suse,dc=ldap" read
> by users none
There is an implicit 'by * none' at the end of each access statement, so
that line is not necessary. And I assume you want to stop anonymous
access as well, so it's not as if the 'by users' statement is very
informative.
--
Regards,
Hallvard
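
An added illustration of the points in the reply above (not code from the thread or from OpenLDAP): a small Python model of which entry DNs the posted `access to` pattern covers, and of who gets `read` under the posted `by dn.regex` clause compared with the suggested `by dn.expand` clause. It assumes slapd's matching can be approximated with Python's `re.search`, that a `by dn.regex` value has `$N` substituted before being matched as a regex, and that DN normalization can be ignored; the `example.com` and `other.org` DNs are constructed sample data.

```python
import re

# Patterns copied from the thread.
TARGET = (r"cn=([^,]+),ou=personal,ou=contacts,ou=contacts,"
          r"virtualDomain=([^,]+),dc=suse,dc=ldap$")
WHO_REGEX = "uid=([^,]+),ou=users,virtualDomain=$2,dc=suse,dc=ldap"
WHO_EXPAND = "uid=$1,ou=users,virtualDomain=$2,dc=suse,dc=ldap"

# Constructed sample DNs (not from the thread).
BASE = ("ou=personal,ou=contacts,ou=contacts,"
        "virtualDomain=example.com,dc=suse,dc=ldap")

def user(uid, domain):
    """Build a constructed requester DN under ou=users of a virtual domain."""
    return f"uid={uid},ou=users,virtualDomain={domain},dc=suse,dc=ldap"

def expand(template, groups):
    """Substitute $1..$9 with the groups captured by the 'access to' regex."""
    def sub(m):
        idx = int(m.group(1))
        return groups[idx - 1] if idx <= len(groups) else ""
    return re.sub(r"\$([1-9])", sub, template)

def decide(entry_dn, requester_dn, who, style):
    """Return 'read' or 'none'; None means the statement does not cover entry_dn."""
    m = re.search(TARGET, entry_dn)
    if m is None:
        return None                      # some other access statement applies
    expected = expand(who, m.groups())
    if requester_dn is not None:         # None models an anonymous bind
        if style == "expand" and requester_dn == expected:
            return "read"                # exact match on the expanded DN
        if style == "regex" and re.search(expected, requester_dn):
            return "read"                # expanded value used as a pattern
    return "none"                        # the implicit trailing 'by * none'

if __name__ == "__main__":
    entry = "cn=alice," + BASE
    for who, style in ((WHO_REGEX, "regex"), (WHO_EXPAND, "expand")):
        for uid in ("alice", "bob"):
            print(style, uid, decide(entry, user(uid, "example.com"), who, style))
    for dn in (BASE, "uid=alice," + BASE, "cn=alice,ou=work," + BASE):
        print("covered" if re.search(TARGET, dn) else "not covered", dn)
```
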