[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: use of the domain acl control

To: "Jeff Christensen" <jrc001@cityxpress.com>
Subject: Re: use of the domain acl control
From: "Kurt D. Zeilenga" <Kurt@OpenLDAP.org>
Date: Thu, 22 Jun 2006 11:00:50 -0700
Cc: <openldap-software@OpenLDAP.org>
In-reply-to: <005001c69550$6c1bc780$8200010a@cxyvr.cityxpress.com>
References: <005001c69550$6c1bc780$8200010a@cxyvr.cityxpress.com>

At 09:33 AM 6/21/2006, Jeff Christensen wrote:
>read access to:
>cn=bob.cityxpress.com,ou=Hosts,dc=cityxpress,dc=com
>access to dn.regex="(.+),ou=Hosts,dc=cityxpress,dc=com"
>        by domain.regex="$1" write

The (.+) will match more than the value of CN, and you
give write not read.  Try:
  access to dn.regex="cn=(.+),ou=Hosts,dc=cityxpress,dc=com"
        by domain.regex="$1" read

Also note that 'domain' relies on reverse lookups being
enabled.

See slapd.access(5) and slapd.conf(5) for details.

-- Kurt

References:
- use of the domain acl control
  - From: "Jeff Christensen" <jrc001@cityxpress.com>

Prev by Date: Re: access control
Next by Date: Re: Problem with file descriptors limit
Index(es):
- Chronological
- Thread