Frankly I don't understand in detail what you want to achieve. But first of all: Did you set "add_content_acl on" in your slapd.conf (or similar in back-config)? Ciao, Michael. Emmanuel Dreyfus wrote: > Replying to myself: > > Reading latest code from git, I can tell that there is no way to craft > an ACL using val for multiple attributes. Such a concept is difficult to > specify anyway: if I imagine something like this: > access to attrs=foo val.regex="^(.*)$" attrs=bar val.regex="^(.*)$" > > We can immagine we find foo's new value in ${v1} and bar's new value in > ${v2}, but ${v0} remains difficult to define. And then there is the > problem of how to handle multivalued attributes. > > I came to the conclusion that this is not The Right Way of doing it, > hence I had another idea: I could use an overlay that creates dynamic > attributes based on other attribute's values. Some kind of buz = > printf("%s-%s", foo, bar) functionnality and use val.regex against this > buz dynamic attribute. > > Questions > 1) Does it already exist? Perhaps slapo-rwm is able to do something like > this? > 2) If not then I could implement it, but how feasible is it? Are > overlays able to tweak an add or modify request, to add an attribute > before it hits the ACL layer? > > > Emmanuel Dreyfus <manu@netbsd.org> wrote: > >> In ACL, the attrs=foo val.regex="^(.*)$" construct allows filtering on >> the new value for an attribute. >> >> Using sets in the who clauses this new value can be matched as ${v0} >> against current attributes values. But what about if we want to match >> against another new attribute value? I currently run 2.4.33, and there >> is no way to have multiple attrs=foo val.regex="^(.*)$" statements in the >> what clause. Has this changed in later releases? Or is there another way >> of doing it?
Attachment:
smime.p7s
Description: S/MIME Cryptographic Signature