[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: group.regex

To: Piotr Wadas <pwadas@jewish.org.pl>, openldap-software@OpenLDAP.org
Subject: Re: group.regex
From: Ace Suares <ace@suares.nl>
Date: Mon, 19 Apr 2004 02:13:36 -0400
Content-description: clearsigned data
Content-disposition: inline
In-reply-to: <Pine.LNX.4.21.0404190748100.11341-100000@kehillah.jewish.org.pl>
Organization: Ace Suares' Internet Consultancy
References: <Pine.LNX.4.21.0404190748100.11341-100000@kehillah.jewish.org.pl>
User-agent: KMail/1.5.1

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1


> Does anyone knows in which version this is/will be fixed? I'm currently
> using 2.1.29/i386/bdb 4.52.
>

Please read
 
http://www.openldap.org/its/index.cgi/Incoming?id=2788;selectid=2788;statetype=-1

from top to bottom and you'll know the answer.

_Ace


> Regards
> P.
>
> > -----BEGIN PGP SIGNED MESSAGE-----
> > Hash: SHA1
> >
> >
> > You;ll find the answer here:
> >
> > 	http://www.openldap.org/lists/openldap-bugs/200310/msg00089.html
> >
> > and here:
> >
> > 	http://www.openldap.org/lists/openldap-software/200310/msg00328.html
> >
> > greetings,
> >
> >
> > _+Ace
> >
> > > Hi all,
> > >
> > > I am just beginning to learn the syntax for access control with slapd.
> > > My question pertains to group regex's. The administrators manual and
> > > the slapd.access man page leave me a little confused.
> > >
> > > Quote from the slapd.access man page:
> > > -----------------------------------------------------------------------
> > >- The statement dn=<pattern> means that access is granted to the
> > > matching DN.  The optional style qualifier dnstyle allows the  same 
> > > choices  of the  dn	form of the <what> field.  In addition, the regex
> > > form of pattern can exploit substring substitution of  submatches  in 
> > > the <what> dn.regex  clause  by using the form $<digit>, with digit
> > > ranging from 1 to 9.
> > > -----------------------------------------------------------------------
> > >-
> > >
> > > Do the submatches work for groups also. For instance, take the
> > > following:
> > >
> > > -------------------------------------------------------------
> > > access to dn="cn=(.+),dc=example,dc=com"
> > > by group.regex="cn=$1,cn=test,dc=example,dc=com" write
> > > by * read
> > >
> > > access to * by * read
> > > -------------------------------------------------------------
> > >
> > > If they do indeed work for group.regex, then I would expect that access
> > > to an entry "cn=penguin,dc=example,dc=com" would be writable by the
> > > group "cn=penguin,cn=test,dc=example,dc=com" right?
> > >
> > > I tried this and it didn't work. I get insuficient rights errors when
> > > attempting to add an entry. Any help understanding this is appreciated.
> > > I'm running openldap-2.1.21 on Linux(Fedora Core 1).
> > >
> > > Also, does anyone know of a good book that covers access control in
> > > detail, or maybe links to some good tutorials or articles.
> > >
> > > Thanks,
> > >
> > > --
> > > Matt M.
> >
> > - --
> > Ace Suares' Internet Consultancy
> > NIEUW ADRES: Postbus 2599, 4800 CN Breda
> > telefoon: 06-244 33 608
> > fax en voicemail: 0848-707 705
> > website: http://www.suares.nl * http://www.qwikzite.nl
> > -----BEGIN PGP SIGNATURE-----
> > Version: GnuPG v1.2.2-rc1-SuSE (GNU/Linux)
> >
> > iD8DBQFAgzOmy7boE8xtIjURAiL0AJ4hRIRcoi6328l+CX8hvVVV3WxeLACfb9Q5
> > Bit5JHwaBDumGz0Mm3elQGA=
> > =1y2Z
> > -----END PGP SIGNATURE-----

- -- 
Ace Suares' Internet Consultancy
NIEUW ADRES: Postbus 2599, 4800 CN Breda
telefoon: 06-244 33 608
fax en voicemail: 0848-707 705
website: http://www.suares.nl * http://www.qwikzite.nl
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.2-rc1-SuSE (GNU/Linux)

iD8DBQFAg24Ry7boE8xtIjURAjsBAJ9HJPMPjp31iOVawOJ6E3rNByYNKQCgqYC8
qRCxlqAnXz5m1Pd2iXi40TU=
=MNuN
-----END PGP SIGNATURE-----

References:
- Re: group.regex
  - From: Piotr Wadas <pwadas@jewish.org.pl>

Prev by Date: Re: group.regex
Next by Date: Re: group.regex
Index(es):
- Chronological
- Thread