Re: ACL regexps
At 04:08 AM 2001-09-03, Devdas Bhagat wrote:
>I need to allow nested regexps for ACLs
>
>The tree is designed as:
>
>o=root--ou=resellers--o=$reseller--ou=owners--o=$owner--ou=domains-o=$domain--ou=users-o=$user
> |--ou=control--o=$rootdn
> |--o=$supportdn
>
>$reseller, $owner and $user need write access to everything below them
>and no access anywhere else ($reseller will have multiple owners, each
>$owner has multiple users).
>Can someone tell me what the regexps for the acls will look like?
Here is a start...
# $1 prefix
# $2 user
# $3 domain
# $4 owner
# $5 reseller
access to dn="(.+,)?o=(.+),ou=users,o=(.+),ou=domains,o=(.+),ou=owners,o=(.+),ou=resellers,o=root"
        by dn="(((o=$2,ou=users,)?o=$3,ou=domains,)?o=$4,ou=owners,)?o=$5,ou=resellers,o=root" write
        by dn="o=root,ou=control,o=root" write
        by dn="o=support,ou=control,o=root" read
Once you figure out how this one works (assuming I got it right :-), then
the others should be rather straightforward to derive...
References at http://www.openldap.org/faq/index.cgi?file=423 may be helpful.
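
To check which requesters the ACL above lets through, the following added example (not part of the original message, and not slapd's own matching code) emulates the `access to` / `by` evaluation in Python. It assumes each pattern must match the whole DN and that captured values are substituted as literal text; the sample DNs and the function names `expand` and `access` are constructed for illustration.

```python
import re

# Patterns copied from the ACL in the message above.
TARGET = (r"(.+,)?o=(.+),ou=users,o=(.+),ou=domains,"
          r"o=(.+),ou=owners,o=(.+),ou=resellers,o=root")
BY_CLAUSES = [
    (r"(((o=$2,ou=users,)?o=$3,ou=domains,)?o=$4,ou=owners,)?"
     r"o=$5,ou=resellers,o=root", "write"),
    (r"o=root,ou=control,o=root", "write"),
    (r"o=support,ou=control,o=root", "read"),
]

def expand(pattern, groups):
    """Substitute $1..$9 with the text captured from the target DN.
    Assumption: captured values are inserted as literal text."""
    return re.sub(r"\$(\d)",
                  lambda m: re.escape(groups[int(m.group(1)) - 1] or ""),
                  pattern)

def access(target_dn, requester_dn):
    """Return the level granted, "none" if no by clause matches,
    or None when the ACL does not cover target_dn at all.
    Assumption: each pattern must match the whole DN."""
    m = re.fullmatch(TARGET, target_dn)
    if m is None:
        return None
    for pattern, level in BY_CLAUSES:
        if re.fullmatch(expand(pattern, m.groups()), requester_dn):
            return level
    return "none"  # an access directive ends with an implicit "by * none"

# Constructed sample DNs following the tree in the quoted question.
RESELLER = "o=r1,ou=resellers,o=root"
OWNER = "o=acme,ou=owners," + RESELLER
DOMAIN = "o=example.com,ou=domains," + OWNER
ALICE = "o=alice,ou=users," + DOMAIN
BOB = "o=bob,ou=users," + DOMAIN

if __name__ == "__main__":
    entry = "cn=prefs," + ALICE  # an entry below alice
    for who in (ALICE, BOB, OWNER, RESELLER, "o=r2,ou=resellers,o=root",
                "o=support,ou=control,o=root"):
        print(f"{who:75} -> {access(entry, who)}")
    print("owner entry covered by this ACL:", access(OWNER, OWNER))
```

Under these assumptions the ACL covers only entries at or below a user; `access(OWNER, OWNER)` returns `None`, so the domain, owner and reseller levels each need their own directive. The domain DN itself also matches the first `by` clause as a requester.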
- References:
- ACL regexps
- From: Devdas Bhagat <devdas@worldgatein.net>