
regex in group ACL



Hello

One of my access control commands in slapd.conf does not work. I would like to know why.

Here it is:

access to filter="(objectClass=enatelSSOStorage)" dn.regex="*" attrs="entry"
by group/enatelSSOAccountDelegation/enatelUserEntityObject.regex="cn=test1,cn=test2,$1" read


In my directory I have:

ou=users
|
\---uid=denis
|     \--cn=test3
|           \--cn=test2
|                 \--cn=test1
\---uid=francois


cn=test1 is an entry of objectClass enatelSSOAccountDelegation, and has "uid=francois,ou=users,dc=..." as a value for its enatelUserEntityObject attribute.
cn=test3 is of class enatelSSOStorage.


I do a bind as uid=francois, then I try to access cn=test3, and I fail.

But if I don't use regex (if I write the exact DNs), I succeed:
access to dn.exact="cn=test3,uid=denis,ou=Users,dc..." attrs="entry"
by group/enatelSSOAccountDelegation/enatelUserEntityObject="cn=test1,cn=test2,cn=test3,uid=denis,ou=Users,dc=..." read



Why doesn't it work with regex?

Thank you

François