[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: ACL - grant access to subtree by regex (solved)

To: openldap-technical@openldap.org
Subject: Re: ACL - grant access to subtree by regex (solved)
From: Ole <ole@free.de>
Date: Sat, 29 Jun 2013 20:39:27 +0200
In-reply-to: <20130629194908.79efc60c.ole@free.de>
References: <20130628165037.090c9e95.ole@free.de> <20130629194908.79efc60c.ole@free.de>

Am Sat, 29 Jun 2013 19:49:08 +0200
schrieb Ole <ole@free.de>:

>   access to dn.regex=".*ou=([^,]+),ou=mail,dc=example,dc=tld$"
>     by dn.onelevel,expand="ou=admins,ou=$1,ou=mail,dc=example,dc=tld" write
>     by * break

Oh sorry, I have to correct this. It is more secure to use:

  access to dn.regex="^(.+,)?ou=([^,]+),ou=mail,dc=example,dc=tld$"
    by dn.onelevel,expand="ou=admins,ou=$1,ou=mail,dc=example,dc=tld" write
    by * break

please see [1] for explanation.

Regards,
Ole

Attachment: signature.asc
Description: PGP signature

Follow-Ups:
- Re: ACL - grant access to subtree by regex (solved)
  - From: Philip Guenther <guenther+ldaptech@sendmail.com>

References:
- ACL - grant access to subtree by regex
  - From: Ole <ole@free.de>
- Re: ACL - grant access to subtree by regex (solved)
  - From: Ole <ole@free.de>

Prev by Date: Re: ACL - grant access to subtree by regex (solved)
Next by Date: Re: ACL - grant access to subtree by regex (solved)
Index(es):
- Chronological
- Thread