[Date Prev][Date Next] [Chronological] [Thread] [Top]

New functionality - ACL


I would like to suggest the support to simple regular expressions on the ACL

Suppose the following tree:

ou=sales                         ou=mkt                           ou=...

And suppose there are uid entries on the ou=sales, ou=mkt, ou=...

It would be very helpful to have the following access rule:

"Allow users to write to their own organizational unit nodes, and read
nodes from all others"

I thought about writing the rule like this (using regular expressions):

# $1 would assume the value of the specific ou.

access to dn.subtree="ou=.*,o=top"
                by dn.children="ou=$1,o=top" write

access to dn.children="o=top"
                by * read

This is something that is already implemented on the SASL directives.

What do you think about it, feasible ?

Great regards,
Luiz Ernesto Pinheiro Malère
55 11 3759-8118
EverSystems | The Next Generation Systems
São Paulo     www.eversystems.com