[Date Prev][Date Next]
[Chronological]
[Thread]
[Top]
Re: Help with regexp substring capturing in 'filter' ACL clause
Victor Danilchenko <danilche@cs.umass.edu> writes:
> Hi,
> I am trying to write an access control stanza that would
> generalize over multiple groups, to replace a set of specific ones, one
> per group.
>
> Here is what I have been using so far (we use custom schema,
> cscfPersonGroupDN is an attribute in it):
>
> access to filter=(cscfPersonGroupDN=cn=somegroup,dc=example,dc=com) attr=uidNumber
> by self read
> by dn="cn=somegroup,dc=example,dc=com" read
> by * -w break
>
> and it works fine. However, I need one of these for each group.
> I tried to replace it with something like:
>
> access to filter=(cscfPersonGroupDN=cn=(.*),dc=example,dc=com) attr=uidNumber
> by self read
> by dn="cn=$1,dc=example,dc=com" read
> by * -w break
>
> and it doesn't work. Is there any way to do substring capture
> within the 'filter' clause? Can anyone help me?
http://www.openldap.org/faq/data/cache/452.html
section: Sets in Access Controls
section: More on sets and how ...
-Dieter
--
Dieter Klünter | Systemberatung
http://www.dkluenter.de
GPG Key ID:8C183C8622115328