Re: access control

[Zdenek Styblik <stybla@turnovfree.net>]

Darryl Moore wrote:
> Thanks Zdenek, Going back to my books I am learning more thanks to your
> comment. I think I understand what you are saying, but to work I still
> need to be able to expand the regular expression
> 
> so even with set="cn=..../member*" it would have to be
> set,expand="cn.../member*". because I have to match the group. I don't
> have a central admin group.
> 
> from what I've seen ",expand" only works with dn. constructs. Is that
> right? How else can I do this?
> 
> 
> cheers,
> darryl
> 

Hello Darryl,

I'm glad I could help a bit. I'm sorry, but I was busy since yesterday
(high speed winds, electricity out and too much work on repairs).
My knowledge of LDAP ACLs is basic and that was the top I made it so
far. I think I've seen some examples in books, but I can't find any at
the moment. You might also want to check
http://www.openldap.org/doc/admin24/access-control.html '#8.5. Sets -
Granting rights based on relationships', but I've read it some time ago
and "didn't get it too much" :(
May be somebody experienced will pick up and help more.

Have a nice weekend,
Zdenek


-- 
Zdenek Styblik
Net/Linux admin
OS TurnovFree.net
email: stybla@turnovfree.net
jabber: stybla@jabber.turnovfree.net