[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: Regex dn match

To: Jernej Kos <kostko@jweb-network.net>
Subject: Re: Regex dn match
From: Hallvard B Furuseth <h.b.furuseth@usit.uio.no>
Date: Tue, 13 Apr 2004 18:37:48 +0200
Cc: openldap-software@OpenLDAP.org
In-reply-to: <200404131810.00307.kostko@jweb-network.net>
References: <200404131810.00307.kostko@jweb-network.net>

Jernej Kos writes:
> How could i make a regex that matches:
> uid=user,ou=Drones,dc=unimatrix-one,dc=org
> 
> but NOT:
> uid=ftpuser,ou=FTP,uid=user,ou=Drones,dc=unimatrix-one,dc=org
> 
> and NOT:
> uid=mailuser,ou=Mail,uid=user,ou=Drones,dc=unimatrix-one,dc=org

If you mean uid=user... and all its children except those two should
have access, use something like

access to <whatever>
 by dn.exact=uid=ftpuser,ou=FTP,uid=user,ou=Drones,dc=unimatrix-one,dc=org none
 by dn.exact=uid=mailuser,ou=Mail,uid=user,ou=Drones,dc=unimatrix-one,dc=org none
 by dn.subtree=uid=user,ou=Drones,dc=unimatrix-one,dc=org read

The first matching 'by' will be used.

Or you could replace the two first `by's with something like
`by dn.regex=uid=(ftp|mail)user,ou=(FTP|Mail),uid=user,ou=Drones,dc=unimatrix-one,dc=org none'
if you are fond of regexps.

-- 
Hallvard

References:
- Regex dn match
  - From: Jernej Kos <kostko@jweb-network.net>

Prev by Date: Re: Access list - limiting access to attribute
Next by Date: some doubts about heimdal + ldap backend concepts
Index(es):
- Chronological
- Thread