ACLs - match FDN to portion of attribute
- To: openldap-software@openldap.org
- Subject: ACLs - match FDN to portion of attribute
- From: Sergiy Stepanenko <ses863@mail.usask.ca>
- Date: Tue, 13 Apr 2010 10:38:37 -0600
- User-agent: Mozilla/5.0 (X11; U; Linux i686 (x86_64); en-US; rv:1.9.1.9) Gecko/20100317 Lightning/1.0b1 Thunderbird/3.0.4
Hello everybody,
I am in need of good advice. I have a problematic spot in my ACL and
so far I cannot figure out what to do with it.
This is what needs to be accomplished:
An entry has the attribute uofsGroupRole, which may contain values like:
uid=some_user, ou=nsids,ou=people,dc=usask,dc=ca:some_role
Only the user with the matching uid may see this attribute and its value.
I tried:
access to attrs=uofsGroupRole
    val.regex="uid=([^,]+),ou=nsids,ou=people,dc=usask,dc=ca.*$"
    by dn.regex="uid=$1,ou=nsids,ou=people,dc=usask,dc=ca$" read
And it did not work as required. I know the problem is in the regex, but I
cannot find it.
Any suggestions are greatly appreciated.
Cheers
--
Sergiy Stepanenko
Systems Administrator
Information Technology Services
University of Saskatchewan
-----------------------------------
phone: (306) 966-2762
email:sergiy.stepanenko@usask.ca
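
Added example, not part of the original message: a Python check of the two patterns from the post, treated as plain regular expressions. Filling `$1` by hand and the `anchored` option are assumptions of this sketch, not a statement of how slapd expands submatches; the sample values and bind DNs are constructed from the post's example.

```python
import re

# Patterns copied from the ACL in the post.
VAL_PATTERN = r"uid=([^,]+),ou=nsids,ou=people,dc=usask,dc=ca.*$"
WHO_TEMPLATE = r"uid=$1,ou=nsids,ou=people,dc=usask,dc=ca$"

SUFFIX = "ou=nsids,ou=people,dc=usask,dc=ca"

# Constructed sample values: the first is the value exactly as written in the
# post (note the space after the first comma), the second has no space.
VALUE_AS_POSTED = "uid=some_user, " + SUFFIX + ":some_role"
VALUE_NO_SPACE = "uid=some_user," + SUFFIX + ":some_role"


def captured_uid(value):
    """Return the uid captured by VAL_PATTERN, or None if the value does not match."""
    m = re.search(VAL_PATTERN, value)
    return m.group(1) if m else None


def who_pattern(uid, anchored=False):
    """Fill $1 by hand (assumption); optionally anchor the pattern with ^."""
    pattern = WHO_TEMPLATE.replace("$1", uid)
    return "^" + pattern if anchored else pattern


def may_read(value, bind_dn, anchored=False):
    """True when the value matches and the bind DN matches the filled-in pattern."""
    uid = captured_uid(value)
    if uid is None:
        return False
    return re.search(who_pattern(uid, anchored), bind_dn) is not None


if __name__ == "__main__":
    owner = "uid=some_user," + SUFFIX
    other = "uid=other_user," + SUFFIX
    below = "cn=x," + owner  # constructed DN located beneath the owner's entry
    print("as posted, captured uid:", captured_uid(VALUE_AS_POSTED))
    print("no space, captured uid: ", captured_uid(VALUE_NO_SPACE))
    for dn in (owner, other, below):
        print(dn, may_read(VALUE_NO_SPACE, dn), may_read(VALUE_NO_SPACE, dn, True))
```

The value as written in the post does not match the value pattern at all, and without a leading `^` the bind-DN pattern also matches DNs that merely end in the owner's DN.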