[Date Prev][Date Next]
Access Control - Variables
Is it possible to use Variables in ACL rules?
I'm trying to implement an access-control structure for a
Since it will be used for multiple customers, each customer should only
"see" their hardware.
The customers will be in
cn=XY, ou=people, o=customerorganisation, ou=customers, o=myorganisation
Their hardware will be in
myobject=XYZ, o=customerorganisation, ou=customers, o=myorganisation
The people of my organisation (who will get write access to everything)
will be in
cn=xy, ou=peole, o=myorganisation
So my ACL has to look somehow like this:
access to dn="myobject=XYZ, o=$1, ou=customers, o=myorganisation"
by dn="cn=*,ou=peole, o=myorganisation" write
by dn="cn=XY, ou=people, o=$1, ou=customers, o=myorganisation"
Somewhere I've seen ACL-descriptions like these:
access to dn="(.*)?, o=$1, ou=customers, o=myorganisation"
by dn="(.*)?, ou=peole, o=myorganisation" write
by dn="(.*)?, ou=people, o=$1, ou=customers, o=myorganisation"
A: Will both of the above ACLS work, and, if, where is the difference?
B: Will the Variable "o=$1" work? If not, how can I get a similar result
every customer in the ACL?
Thanks for your help