
Re: ACL problem in OpenLDAP



JOYDEEP writes:
> access to
> dn.regex="cn=([^,]+),ou=personal,ou=contacts,ou=contacts,virtualDomain=([^,]+),dc=suse,dc=ldap$"

This matches a DN whose RDN is a 'cn', immediately below ou=personal,
but not subtrees below ou=personal nor RDNs that are not 'cn's.  Is that
intentional?

>   by dn.regex="uid=([^,]+),ou=users,virtualDomain=$2,dc=suse,dc=ldap"  read

Try by dn.expand="uid=$1,ou=users,virtualDomain=$2,dc=suse,dc=ldap"      read

>   by users none

There is an implicit 'by * none' at the end of each access statement, so
that line is not necessary.  And I assume you want to stop anonymous
access as well, so it's not as if the 'by users' statement is very
informative.

-- 
Regards,
Hallvard
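As an added illustration (not part of Hallvard's reply or of OpenLDAP itself), a small Python model of how slapd substitutes `$1`/`$2` from the `to dn.regex` submatches into the `by` clause, contrasting the original `by dn.regex` form with the suggested `by dn.expand` form. It assumes the intent is that a user may read only the personal contact whose cn equals their own uid, that the sample DNs (constructed here) are already in normalized form, and it ignores everything else slapd does during ACL evaluation.

```python
import re

# The 'to dn.regex' pattern quoted in the thread.
TO_DN_REGEX = r"cn=([^,]+),ou=personal,ou=contacts,ou=contacts,virtualDomain=([^,]+),dc=suse,dc=ldap$"

# Original 'by' clause (regex style) and the suggested replacement (expand style).
ORIGINAL_BY = r"uid=([^,]+),ou=users,virtualDomain=$2,dc=suse,dc=ldap"
SUGGESTED_BY = "uid=$1,ou=users,virtualDomain=$2,dc=suse,dc=ldap"


def expand(pattern: str, match: re.Match) -> str:
    """Replace $1..$9 in the 'by' pattern with the submatches of the
    'to dn.regex' match (done for both dn.regex and dn.expand styles)."""
    return re.sub(r"\$(\d)", lambda m: match.group(int(m.group(1))), pattern)


def by_dn_regex(target_dn: str, bind_dn: str, by_pattern: str) -> bool:
    """'by dn.regex': after expansion the result is still a regex, so any
    remaining sub-pattern such as uid=([^,]+) matches every uid."""
    m = re.search(TO_DN_REGEX, target_dn)
    if m is None:
        return False
    return re.search(expand(by_pattern, m), bind_dn) is not None


def by_dn_expand(target_dn: str, bind_dn: str, by_pattern: str) -> bool:
    """'by dn.expand': after expansion the result must equal the bound DN,
    so $1 ties the reader to the contact's own cn."""
    m = re.search(TO_DN_REGEX, target_dn)
    if m is None:
        return False
    return expand(by_pattern, m) == bind_dn


if __name__ == "__main__":
    # Constructed sample DNs in the shape used by the original ACL.
    contact = "cn=bob,ou=personal,ou=contacts,ou=contacts,virtualDomain=example.com,dc=suse,dc=ldap"
    bob = "uid=bob,ou=users,virtualDomain=example.com,dc=suse,dc=ldap"
    alice = "uid=alice,ou=users,virtualDomain=example.com,dc=suse,dc=ldap"
    for who, dn in (("bob", bob), ("alice", alice)):
        print(who, "regex:", by_dn_regex(contact, dn, ORIGINAL_BY),
              "expand:", by_dn_expand(contact, dn, SUGGESTED_BY))
```

With the original clause every user in the same virtualDomain can read bob's personal contact; with `dn.expand` only uid=bob can.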