[Date Prev][Date Next] [Chronological] [Thread] [Top]

New functionality - ACL

To: <openldap-devel@OpenLDAP.org>
Subject: New functionality - ACL
From: Luiz Ernesto Pinheiro Malère <luiz.malere@eversystems.com>
Date: Tue, 15 Apr 2003 11:42:24 -0300

Hello,

I would like to suggest the support to simple regular expressions on the ACL
directive:

Suppose the following tree:

o=top
   |
   |-------------------------|--------------------------|
ou=sales                         ou=mkt                           ou=...

And suppose there are uid entries on the ou=sales, ou=mkt, ou=...

It would be very helpful to have the following access rule:

"Allow users to write to their own organizational unit nodes, and read
nodes from all others"

I thought about writing the rule like this (using regular expressions):

# $1 would assume the value of the specific ou.

access to dn.subtree="ou=.*,o=top"
                by dn.children="ou=$1,o=top" write

access to dn.children="o=top"
                by * read

This is something that is already implemented on the SASL directives.

What do you think about it, feasible ?

Great regards,
Luiz Ernesto Pinheiro Malère
luiz.malere@eversystems.com
55 11 3759-8118
_________________________________________
EverSystems | The Next Generation Systems
São Paulo     www.eversystems.com

Follow-Ups:
- Re: New functionality - ACL
  - From: "Kurt D. Zeilenga" <Kurt@OpenLDAP.org>

Prev by Date: Patch to provide peer name to shell backends
Next by Date: Re: Patch to provide peer name to shell backends
Index(es):
- Chronological
- Thread