[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: ACLs based on attributes?

To: openldap-technical@openldap.org
Subject: Re: ACLs based on attributes?
From: "Dieter Kluenter" <dieter@dkluenter.de>
Date: Mon, 01 Feb 2010 08:23:44 +0100
In-reply-to: <20100131232254.xvrzz17d9a684o8g@www.umrk.nl> (Jaap Winius's message of "Sun, 31 Jan 2010 23:22:54 +0100")
References: <20100131010132.mt6mxu5o88xco440@www.umrk.nl> <87ljfelldy.fsf@rubin.avci.de> <20100131191207.vscokx4vl81wkgkg@www.umrk.nl> <0C0E6F46B05952CDC1ADD5F6@[192.168.1.2]> <CA7C716EA83297CEDF0C378E@[192.168.1.2]> <20100131232254.xvrzz17d9a684o8g@www.umrk.nl>
User-agent: Gnus/5.1008 (Gnus v5.10.8) XEmacs/21.5-b28 (linux)

Jaap Winius <jwinius@umrk.nl> writes:

> Quoting Quanah Gibson-Mount <quanah@zimbra.com>:
>
>> Blah, I was thinking this in the wrong direction.  Sets are likely what
>> you need.  I think the syntax would be more
>>
>> by set.exact="user/title=telephonemanager" write
>
> This looks great, but I've tested it (with slapd v2.4.11) and
> unfortunately it doesn't want to work. Could there any special
> requirements that might be necessary before sets can be used?

this rule should do the trick:
access to dn.regex="cn=([^,]+),ou=whatsoever$"
          attrs=telephoneNumber
       by set="user/title & [telephoneManager]" write

-Dieter


-- 
Dieter Klünter | Systemberatung
http://dkluenter.de
GPG Key ID:8EF7B6C6
53°37'09,95"N
10°08'02,42"E

Follow-Ups:
- Re: ACLs based on attributes?
  - From: Jaap Winius <jwinius@umrk.nl>

Prev by Date: Re: ACLs based on attributes?
Next by Date: Mingw regex compile issue
Index(es):
- Chronological
- Thread