On Tue, Apr 13, 2010 at 10:38:37AM -0600, Sergiy Stepanenko wrote:
> An entry has the attribute uofsGroupRole, which may contain values like:
>   uid=some_user, ou=nsids,ou=people,dc=usask,dc=ca:some_role
> Only the user with the matching uid may see this attribute and its value.
> I tried:
>   access to attrs=uofsGroupRole
>       val.regex="uid=([^,]+),ou=nsids,ou=people,dc=usask,dc=ca.*$"
>       by dn.regex="uid=$1,ou=nsids,ou=people,dc=usask,dc=ca$" read
> And it did not work as required. I know the problem is in the regex, but I cannot
> find it.

The final dollar sign in the 'by' clause needs to be escaped with a
second dollar sign - like this example from the slapd.access manpage:

    access to dn.regex="^(.+,)?uid=([^,]+),dc=[^,]+,dc=com$"
        by dn.regex="^uid=$2,dc=[^,]+,dc=com$$" write

In your case, you could probably simplify the 'by' clause like this:

    access to attrs=uofsGroupRole
        val.regex="uid=([^,]+),ou=nsids,ou=people,dc=usask,dc=ca.*$"
        by dn.exact,expand="uid=$1,ou=nsids,ou=people,dc=usask,dc=ca" read
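
A simplified Python model of the rule suggested above, added here as an example; it is not code from this thread or from slapd. It assumes that each value is matched as stored, that the 'by' pattern is expanded with `$<digit>` and `$$`, and that DNs are compared after a rough normalisation; the function names and sample values are constructed.

```python
import re

# Patterns copied from the reply above.
VAL_REGEX = r"uid=([^,]+),ou=nsids,ou=people,dc=usask,dc=ca.*$"
BY_EXPAND = "uid=$1,ou=nsids,ou=people,dc=usask,dc=ca"
# Constructed sample values; the third has a space after the first comma.
SAMPLE_VALUES = [
    "uid=abc123,ou=nsids,ou=people,dc=usask,dc=ca:group_admin",
    "uid=xyz789,ou=nsids,ou=people,dc=usask,dc=ca:member",
    "uid=abc123, ou=nsids,ou=people,dc=usask,dc=ca:auditor",
]

def expand(pattern, groups):
    """Replace $<digit> with that submatch and $$ with a literal '$'."""
    out, i = [], 0
    while i < len(pattern):
        if pattern[i] != "$":
            out.append(pattern[i])
            i += 1
            continue
        nxt = pattern[i + 1:i + 2]
        if nxt == "$":
            out.append("$")
        elif nxt.isdigit():
            out.append(groups[int(nxt)])
        else:
            # Model choice: flag a bare '$'; slapd's own handling is not modelled.
            raise ValueError("unescaped '$' at offset %d" % i)
        i += 2
    return "".join(out)

def normalize(dn):
    """Rough DN normalisation for this model: lower-case, no spaces around commas."""
    return ",".join(part.strip().lower() for part in dn.split(","))

def visible_values(bind_dn, values):
    """Return the values this one rule would grant bind_dn read access to."""
    allowed = []
    for value in values:
        m = re.search(VAL_REGEX, value)
        if m is None:
            continue  # not covered by this rule; other access rules decide
        target = expand(BY_EXPAND, m.group(0, 1))
        if normalize(bind_dn) == normalize(target):
            allowed.append(value)
    return allowed
```

In this model the third sample value never matches `val.regex` because of the space after the first comma, so this rule neither grants nor restricts it and whatever access rules follow determine who can read it.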