[Date Prev][Date Next]
[Chronological]
[Thread]
[Top]
Re: Let "self" create new entries
Am Wed, 6 May 2009 12:39:10 -0700
schrieb Sean Burford <unix.gurus@gmail.com>:
> On Tue, May 5, 2009 at 3:13 PM, Wolfgang Lorenz <wl-chmw@gmx.de>
> wrote:
>
> > Thank you,
> >
> > I've found a way to achieve exactly what I wanted:
> >
> > # self may write subentries no one else may read...
> > access to dn.regex="^(.+,)+uid=([^,]+),ou=people,dc=example,dc=com$"
> > by dn.regex="^uid=$2,ou=people,dc=example,dc=com$$" write
>
>
> Where possible I would use the self.level{-1} syntax in preference of
> regexes since it is more descriptive. It also doesn't depend on the
> stability and performance of the OS regex libraries (which use a lot
> of malloc/frees).
>
But the regex-way gives me the possibility to give write access to the
whole subtree of the binddn, whereas I wouldn't know how to do this
using self.level...
Anyway, I don't expect many ldap-requests, what makes me think, that I
can spare some mallocs and frees. ;-) But I can see, that this might be
a problem on a bigger system with much more users, than mine.
Cheers,
Wolfgang