[Date Prev][Date Next]
[Chronological]
[Thread]
[Top]
Re: ACL with val.regex expression
> access to attrs=description val.regex="^/bin/[^f][^s][^h]"
> by users write
> by * read
Thanks for the followup, I'll have to play around some more.
> (I didn't feel like populating the database with homeDirectory and so),
> and it worked: users were able to add/delete "/bin/bash", but not
> "/bin/fsh".
I think what I wanted was subtly different than this though. I need for
users who have an existing value of "/bin/fsh" to be prevented from
deleting or modifying their entry. The crux of my issue here appears to
be that I didn't understand that the val.<type>=<value> constraint is
only evaluated on the add portion of an operation, i.e. as a way of
controlling possible values you can input. Instead, I thought it was
part of the query operation, i.e. this is an ACL applying to a certain
attribute under the condition where a certain regular expression applies
to the value of the attribute.
The sets notation gave me what I needed.
Thanks!
Mark