[Date Prev][Date Next] [Chronological] [Thread] [Top]

ACL regex broken upgrading from 2.2.14 to 2.2.28

To: OpenLDAP-software@OpenLDAP.org
Subject: ACL regex broken upgrading from 2.2.14 to 2.2.28
From: Ben Sommer <Ben.Sommer@enc.edu>
Date: Thu, 22 Sep 2005 13:56:35 -0400
User-agent: Mozilla Thunderbird 0.7.3 (X11/20041016)

Hi All. Thank you for reading this.

Perhaps there is a tidbit I missed somewhere in the release notes or list discussions to explain this, but I am having a problem in 2.2.28 with a very simple regex ACL rule that worked correctly in version 2.2.14:

access to dn.subtree="ou=personal_addressbook,dc=enc,dc=edu"
      by dn="cn=adm,ou=admin,ou=sys,dc=enc,dc=edu" write
      by * break
access to dn.regex="^.*ou=(.)(.*),ou=personal_addressbook,dc=enc,dc=edu"
      by dn="ueid=$1$2,ou=$1,ou=people,dc=enc,dc=edu" write
      by * none

FYI, my user DNs look like "ueid=4asgxek3ci,ou=4,ou=people,dc=enc,dc=edu", with the "ou=4" part corresponding to the first character of the "ueid" attribute. Thus, this person's addressbook entry would have a DN - "ou=4asgxek3ci,ou=personal_addressbook,dc=enc,dc=edu".

Using the ACL above taken from my 2.2.14 installation, there is no access at all, but tweaking this part...

   "^.*ou=(.)(.*),ou=personal_addressbook,dc=enc,dc=edu"

...in this way...

   ^.*ou=(\w{1})(.*),ou=personal_addressbook,dc=enc,dc=edu

...allows read access but no write.


Thanks in advance for any insight.

Best,

--
Ben Sommer
Senior Technology Officer
Eastern Nazarene College
23 East Elm Ave
Quincy, MA 02170
(617) 745-3817

Prev by Date: Re: OpenLDAP & Cyrus-SASL: how to specify mech_list
Next by Date: OpenLDAP Server configuration for controls and extends HOWTO
Index(es):
- Chronological
- Thread