[Date Prev][Date Next]
[Chronological]
[Thread]
[Top]
Re: (ITS#4230) access to attr=objectClass
--On Tuesday, November 29, 2005 3:06 PM +0000 syrius.ml@no-log.org wrote:
> Full_Name:
> Version: 2.2.26
> OS: GNU/Linux (debian/unstable)
> URL: ftp://ftp.openldap.org/incoming/
> Submission from: (NULL) (193.49.184.28)
>
>
> Hi there,
>
> When I use the acl below ldapsearch doesn't show all the objectClass
> anymore. The displayed objects only have objectClass=top
> access to attr=objectClass val.regex=".*"
> by * read
Try:
access to attr=objectClass val.regex=".+"
> I was first trying to use an acl like this:
> access to attr=objectClass val.regex="sambaSamAccount"
> by cn=test,dc=test,dc=test write
> by * read
> when i discovered that.
>
> Is this a bug ?
> Or am i doing something wrong ?
Well, "sambaSamAccount" isn't a regular expression. Have you tried
val.exact?
Using the form attrs=<attr>
val[/matchingRule][.<attrstyle>]=<attrval> specifies access
to a particular value of a single attribute. In this case,
only a single attribute type may be given. The <attrstyle>
exact (the default) uses the attribute's equality matching
rule to compare the value, unless a different (and compati-
ble) matching rule is specified. If the <attrstyle> is
regex, the provided value is used as a POSIX (''extended'')
regular expression pattern. If the attribute has DN syntax,
the <attrstyle> can be any of base, onelevel, subtree or
children, resulting in base, onelevel, subtree or children
match, respectively.
Although the above is from the OL 2.3 man pages, so syntax may be slightly
different than with OL 2.2.
--Quanah
--
Quanah Gibson-Mount
QA Engineer
<http://www.openldap.org>