[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: (ITS#4230) access to attr=objectClass

--On Tuesday, November 29, 2005 3:06 PM +0000 syrius.ml@no-log.org wrote:

> Full_Name:
> Version: 2.2.26
> OS: GNU/Linux (debian/unstable)
> URL: ftp://ftp.openldap.org/incoming/
> Submission from: (NULL) (
> Hi there,
> When I use the acl below ldapsearch doesn't show all the objectClass
> anymore. The displayed objects only have objectClass=top
> access to attr=objectClass val.regex=".*"
>        by * read


access to attr=objectClass val.regex=".+"

> I was first trying to use an acl like this:
> access to attr=objectClass val.regex="sambaSamAccount"
>        by cn=test,dc=test,dc=test write
>        by * read
> when i discovered that.
> Is this a bug ?
> Or am i doing something wrong ?

Well, "sambaSamAccount" isn't a regular expression.  Have you tried 

     Using            the            form            attrs=<attr>
     val[/matchingRule][.<attrstyle>]=<attrval>  specifies access
     to a particular value of a single attribute.  In this  case,
     only  a  single attribute type may be given. The <attrstyle>
     exact (the default) uses the attribute's  equality  matching
     rule  to compare the value, unless a different (and compati-
     ble) matching rule  is  specified.  If  the  <attrstyle>  is
     regex,  the provided value is used as a POSIX (''extended'')
     regular expression pattern.  If the attribute has DN syntax,
     the  <attrstyle>  can  be  any of base, onelevel, subtree or
     children, resulting in base, onelevel, subtree  or  children
     match, respectively.

Although the above is from the OL 2.3 man pages, so syntax may be slightly 
different than with OL 2.2.


Quanah Gibson-Mount
QA Engineer