Variables/Substitution in ACLs
I've got a problem with ACLs.
I'm trying to grant access to a specific subtree to anybody who is in
the peoples-subtree of this specific subtree.
To do that, I need (or at least I think so; if anybody has a different
idea, please tell me) some regex pattern substitution.
I want to substitute "$1" in the "who" part of the ACL with what was
found for the regex ".*o=([^,]+)" in the "what" part of the ACL.
My ACL for that is:
access to dn=".*o=([^,]+),ou=customers,o=myorganisation"
    by dn=".*cn=([^,]+),ou=people,o=myorganisation" write
    by dn=".*cn=([^,]+),ou=people,o= $1
    by anonymous read
Here is a part of the log:
=> access to entry
=> to all values by
<= a_dn_pat: .*cn=([^,]+),ou=people,o=myorganisation
<= a_dn_pat: .*cn=([^,]+),ou=people,o= $1 ,ou=customers,o=myorganisation
why is the "$1" not substituted?
<= a_dn_pat: anonymous
<= no more <who> clauses, returning =n (stop)
=> search access denied by =n
Is this the correct idea for implementing the ACL?
If not, how can I get the results I want?
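
Added example, not part of the original post and not slapd code: a Python model of the evaluation the post asks for, where "$1" in the "who" pattern is replaced by the text captured by the "what" pattern before the bind DN is matched. The anchors, the case-insensitive matching, the escaping of the captured value and the sample DNs are assumptions of this example; the "who" pattern is the one shown in the log, written without the spaces around "$1".

```python
import re

# Patterns from the post. The ^...$ anchors are an assumption of this example,
# added so that a match has to cover the whole DN.
WHAT = r"^.*o=([^,]+),ou=customers,o=myorganisation$"
WHO_TEMPLATE = r"^.*cn=([^,]+),ou=people,o=$1,ou=customers,o=myorganisation$"


def expand_who(template, what_match):
    """Replace each $N in the who template with the Nth capture of the what match.

    The captured text is regex-escaped so that metacharacters inside an
    organisation name (for example ".") are matched literally.
    """
    def substitute(ref):
        return re.escape(what_match.group(int(ref.group(1))))

    # "$" followed by a digit is a back-reference; a bare trailing "$" stays an anchor.
    return re.sub(r"\$(\d)", substitute, template)


def may_write(target_dn, bind_dn):
    """Model of the rule: write access only for people of the target's own customer."""
    what = re.match(WHAT, target_dn, re.IGNORECASE)
    if what is None:
        return False  # the rule does not cover this entry at all
    who = expand_who(WHO_TEMPLATE, what)
    return re.match(who, bind_dn, re.IGNORECASE) is not None


if __name__ == "__main__":
    # Constructed sample DNs, not taken from the post.
    target = "cn=printer,o=acme,ou=customers,o=myorganisation"
    for bind in (
        "cn=alice,ou=people,o=acme,ou=customers,o=myorganisation",
        "cn=bob,ou=people,o=globex,ou=customers,o=myorganisation",
    ):
        print(bind, "->", "write" if may_write(target, bind) else "no match")
```
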