[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: olcAccess: Regex questions for "departments" and there admins

To: "openldap-technical@openldap.org" <openldap-technical@openldap.org>
Subject: Re: olcAccess: Regex questions for "departments" and there admins
From: Denny Fuchs <linuxmail@4lin.net>
Date: Thu, 14 Nov 2013 15:36:37 +0100
In-reply-to: <20131113182404.4d155764@pink.avci.de>
References: <67BC430A-BC04-4552-AE54-7B6BEAF2741E@4lin.net> <20131113182404.4d155764@pink.avci.de>

hi,

Am 13.11.2013 um 18:24 schrieb Dieter Klünter <dieter@dkluenter.de>:
> 
> You may want to read
> http://www.openldap.org/faq/data/cache/1133.htm
> http://www.openldap.org/faq/data/cache/1134.html

thanks for the tipp :-)

we changed the first {0} rule:

{0}to dn.regex="(.+,)ou=(.+,)?dc=example,dc=com$"
by group.expand="cn=ldapadmin,ou=roles,ou=$2dc=example,dc=com" write
by * break

[...]

and it seems, that everything works, as expected. The member from the groupOfNames can changed everything, under his three, but can't delete the subtree itself.

cu denny

Attachment: signature.asc
Description: Message signed with OpenPGP using GPGMail

References:
- olcAccess: Regex questions for "departments" and there admins
  - From: Denny Fuchs <linuxmail@4lin.net>
- Re: olcAccess: Regex questions for "departments" and there admins
  - From: Dieter KlÃnter <dieter@dkluenter.de>

Prev by Date: Can a DN entry have multiple structural object class
Next by Date: Re: Antw: Re: trouble when switching from bdb to mdb database
Index(es):
- Chronological
- Thread