[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: idea for access rules

To: "Stefan Palme" <palme@kapott.org>
Subject: Re: idea for access rules
From: masarati@aero.polimi.it
Date: Sun, 21 Feb 2010 13:54:29 +0100 (CET)
Cc: "openldap-technical@openldap.org" <openldap-technical@openldap.org>
Importance: Normal
In-reply-to: <1266756344.7621.16.camel@drops.kapott.org>
References: <1266753803.7621.12.camel@drops.kapott.org> <e08355247a6826a476e525e99f113737.squirrel@www.aero.polimi.it> <1266756344.7621.16.camel@drops.kapott.org>
User-agent: SquirrelMail/1.4.15

> On Sun, 2010-02-21 at 13:26 +0100, masarati@aero.polimi.it wrote:
>> > I am searching for a rule like this:
>> >
>> > access
>> >   to "cn=[^,]+,ou=data1,ou=data" attrs="attr1,attr2,attr3"
>> >   by dnattr="owner of node ou=data1,ou=data" write
>>
>> Try
>>
>> access to dn.children="ou=data1,ou=data"
>>         by set="[ou=data1,ou=data]/owner & user" write
>
> Thanks for this hint. The man page for slapd.access currently says
> "The statement set=<pattern> is undocumented yet". Is there anywhere
> else a detailed documentation for this?

Yes, it's very well hidden here
<http://www.openldap.org/faq/data/cache/1133.html> :)  Updating
slapd.access(5) has been on the todo list for long time...

> Especially, can I use regular expressions?

Yes, you should be able to figure out the syntax yourself from that link.

> Because my real need would
> be something like this:
>
> access
>   to dn.children="(ou=[^,]+,ou=data)"
>   by set="[$1]/owner & user" write
>
> so that I do not have to define a rule for each dataX-subtree...

p.

Follow-Ups:
- Re: idea for access rules
  - From: Stefan Palme <palme@kapott.org>

References:
- idea for access rules
  - From: Stefan Palme <palme@kapott.org>
- Re: idea for access rules
  - From: masarati@aero.polimi.it
- Re: idea for access rules
  - From: Stefan Palme <palme@kapott.org>

Prev by Date: Re: idea for access rules
Next by Date: Re: idea for access rules
Index(es):
- Chronological
- Thread