Re: Lazy ACLs and keeping your DIT as flat as possible
> Hi All,
>
> I'm pretty sure that this isn't possible, but wanted to check as my
> head hurts now.
I guess I'll need to re-work my DIT then to make this design sane.
Thanks.
> I have dynamic lists using slapo-dynlist with the Organization
> attribute of 'o' and I am trying to keep my DIT as flat as possible.
>
> I want to create an ACL that is "by group", which is fine. But....I
> don't want to hardcode a group.
>
> I want to "capture" o via a regex and use that in the "by group" like so:
>
> access to dn.subtree="ou=Users,dc=suretec,dc=co,dc=uk"
> attrs=o
> val.regex="(.+)"
> attrs=children,entry
> by group.expand="cn=$1,ou=Groups,dc=suretec,dc=co,dc=uk" read
> by self write
>
> or something like the following using a previous capture:
>
> access to filter=(&(objectClass=inetOrgPerson)(o=$1))
> by group/groupOfURLs/memberURL.expand="cn=$1,ou=Groups,dc=suretec,dc=co,dc=uk"
> read
> by self write
> by * none
>
> Issue is you can't pass captures between "access by" statements and my
> ACLs are flawed based on what you're searching for, which would be
> perfect. The goal being users in the same group can only see users on
> ou=Users of that group, without hard coding group name in the conf.
>
> I guess I'll have to create branches to split up users. Then again,
> I'm adding a group to ou=Groups, why shouldn't I at the same time add
> a new ACL via cn=config?
>
> Cheers.
>
> --
> Kind Regards,
>
> Gavin Henry.
> Managing Director.
>
> T +44 (0) 1224 279484
> M +44 (0) 7930 323266
> F +44 (0) 1224 824887
> E ghenry@suretec.co.uk
>
> Open Source. Open Solutions(tm).
>
> http://www.suretecsystems.com/
>
> Suretec Systems is a limited company registered in Scotland. Registered
> number: SC258005. Registered office: 24 Cormack Park, Rothienorman, Inverurie,
> Aberdeenshire, AB51 8GL.
>
> Subject to disclaimer at http://www.suretecgroup.com/disclaimer.html
>
> Do you know we have our own VoIP provider called SureVoIP? See
> http://www.surevoip.co.uk
>
> Did you see our API? http://www.surevoip.co.uk/api
--
Kind Regards,
Gavin Henry.
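The closing idea in the quoted message, adding an ACL through cn=config whenever a group is added, could be scripted as below. This is an added example, not code from the thread. The database DN `olcDatabase={1}mdb,cn=config`, the use of a static group checked with `group.exact`, the name allowlist, and the function names `org_acl` and `acl_ldif` are assumptions.

```python
import re

# Assumption: DN of the database entry under cn=config (not given in the thread).
DB_DN = "olcDatabase={1}mdb,cn=config"
# Branch DNs as they appear in the quoted ACLs.
USERS = "ou=Users,dc=suretec,dc=co,dc=uk"
GROUPS = "ou=Groups,dc=suretec,dc=co,dc=uk"

# Assumed allowlist. The organisation name is pasted into both an LDAP filter
# and a DN inside an access rule, so characters such as ( ) * \ " , = must
# never reach it, or the generated rule could match more than intended.
SAFE_ORG = re.compile(r"[A-Za-z0-9](?:[A-Za-z0-9 _-]{0,62}[A-Za-z0-9])?")


def org_acl(org: str, index: int) -> str:
    """Return one olcAccess value scoping o=<org> user entries to that org's group."""
    if not SAFE_ORG.fullmatch(org):
        raise ValueError(f"unsafe organisation name: {org!r}")
    # 'by self' is listed first: slapd stops at the first matching 'by' clause,
    # so a group member would otherwise only get read on their own entry.
    return (
        f'{{{index}}}to dn.subtree="{USERS}" filter=(o={org}) '
        f'by self write '
        f'by group.exact="cn={org},{GROUPS}" read '
        f'by * none'
    )


def acl_ldif(org: str, index: int) -> str:
    """Build the LDIF that inserts the rule at position <index> via cn=config."""
    return "\n".join([
        f"dn: {DB_DN}",
        "changetype: modify",
        "add: olcAccess",
        f"olcAccess: {org_acl(org, index)}",
        "",
    ])


if __name__ == "__main__":
    # Constructed sample organisation name.
    print(acl_ldif("Acme", 2))
```

The printed LDIF is meant to be applied with `ldapmodify` by an identity allowed to write cn=config, in the same step that creates the group entry under ou=Groups.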