[Date Prev][Date Next]
[Chronological]
[Thread]
[Top]
Re: access control, groups/organizationalRole
Frederik Bosch <frederik.bosch@gmail.com> writes:
> Thanks again Dieter. That looks way to difficult for me :). I changed
> some things. Now suppose that I want to assign read access to every
> roleOccupant in a organizationalRole.
>
> access to * by group/organizationalRole/roleOccupant read
>
> But that's not correct syntax. Slapd won't start. It has to be like this:
>
> access to * by group/organizationalRole/roleOccupant="<DN>" read
>
> What syntax do I need to let "<DN>" match the whole tree?
by
group/organizationalRole/roleOccupant.expand="^cn=([^,]+),ou=subtree,o=myOrganization$"
or similar, see man slapd.access(5) for more information.
-Dieter
--
Dieter Klünter | Systemberatung
sip: 7770535@sipgate.de
http://www.dpunkt.de/buecher/2104.html
GPG Key ID:8EF7B6C6