
Re: About ACL

ludovico.basili@poste.it writes:

I have already written a message, but I think I couldn't explain my problem clearly.
I would like to define an ACL that permits a user defined at a position in the tree to read only a subtree whose root position depends on the position of the user.
For example, if the user is cn=foo,ou=People,o=XYZ
he can read everywhere under
If the user is cn=me,ou=Something,ou=People,o=XYZ
he can read everywhere under
The users are added/removed by my application at runtime, so I would like to have the privileges assigned to new users without restarting slapd. Is it possible?

try something like

access to dn=".+,ou=([^,]+),ou=People,o=XYZ"
        by dn="cn=[^,]+,ou=$1,ou=People,o=XYZ" read


Dr. Pierangelo Masarati | voice: +39 02 2399 8309
Dip. Ing. Aerospaziale | fax: +39 02 2399 8334
Politecnico di Milano | mailto:pierangelo.masarati@polimi.it
via La Masa 34, 20156 Milano, Italy | http://www.aero.polimi.it/~masarati
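
Added example, not part of the original message and not OpenLDAP code: a small Python model of how the rule in the reply is evaluated (match the entry DN, substitute $1, match the bound user), run over a few DNs with the patterns as posted and with anchors added. It assumes slapd searches the patterns unanchored and case-insensitively and inserts $1 verbatim; the DNs, the anchored variant and the names can_read and compare are constructed for illustration.

```python
import re

# Patterns copied from the reply as posted.
TARGET = r".+,ou=([^,]+),ou=People,o=XYZ"
WHO = r"cn=[^,]+,ou=$1,ou=People,o=XYZ"
# Same patterns with start/end anchors added (a variant, not from the thread).
TARGET_ANCHORED = "^" + TARGET + "$"
WHO_ANCHORED = "^" + WHO + "$"


def can_read(user_dn, entry_dn, target=TARGET, who=WHO):
    """Return True if the modelled rule grants user_dn read on entry_dn.

    Model assumptions: unanchored, case-insensitive search; $1 is replaced
    verbatim by the first group captured from the entry DN.
    """
    m = re.search(target, entry_dn, re.IGNORECASE)
    if m is None:
        return False  # the rule does not cover this entry
    expanded = who.replace("$1", m.group(1))
    return re.search(expanded, user_dn, re.IGNORECASE) is not None


# Constructed DNs; only the ou=People,o=XYZ layout comes from the thread.
ENTRY = "cn=doc,ou=Sub,ou=Something,ou=People,o=XYZ"
USERS = [
    "cn=me,ou=Something,ou=People,o=XYZ",       # same branch as ENTRY
    "cn=you,ou=Else,ou=People,o=XYZ",           # sibling branch
    "cn=foo,ou=People,o=XYZ",                   # directly under ou=People
    "cn=x,cn=me,ou=Something,ou=People,o=XYZ",  # nested below a user entry
]


def compare(users=USERS, entry=ENTRY):
    """Map each user DN to (as_posted, anchored) decisions for entry."""
    return {
        u: (can_read(u, entry),
            can_read(u, entry, TARGET_ANCHORED, WHO_ANCHORED))
        for u in users
    }


if __name__ == "__main__":
    for user, (posted, anchored) in compare().items():
        print(f"{user:45} posted={posted!s:5} anchored={anchored}")
```

Under these assumptions the only DN on which the two variants disagree is the one nested below a user entry, which the unanchored by-pattern matches as a substring.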