[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: LDAP Access Control


As said earlier, I am one of the many newbies.

And I would be surprised if 
> cn=App1,cn=Torgeir,ou=people,ou=groups,dc=billy,dc=demon,dc=nl
> access to dn=".*,cn=(.*),ou=people,ou=groups,dc=billy,dc=demon,dc=nl"
>         attrs=entry,children
>         by anonymous auth
>         by dn="cn=Admin,dc=billy,dc=demon,dc=nl" write
>         by dn="cn=$1,ou=people,ou=groups,dc=billy,dc=demon,dc=nl" write
> #

would allow cn=(.*),ou=people,ou=groups,dc=billy,dc=demon,dc=nl
to be managed with this rule !

Isn't that what was requested ? That the user can modify it's own 
entry AND it's children ?

The regex u are using, will never match
cn=Billy Da Kat,ou=people,ou=groups,dc=billy,dc=demon,dc=nl
as far as I understand it.

I just want to clarify this, can you confirm ?