[Date Prev][Date Next] [Chronological] [Thread] [Top]

RE: ACI/ACL based on entry attribute values

> -----Original Message-----
> From: owner-openldap-software@OpenLDAP.org
> [mailto:owner-openldap-software@OpenLDAP.org]On Behalf Of Ugen

> > Examples:
> >
> > access to targetattrmatch dn=".*$1$"
> >    by attrpick dn="(.*)" write
> >
> > I just let anyone above any entry have write access to
> > it's descendants.

This would be the equivalent

	access to dn=".*,(.*$)"
		by dn="$1" write

But neither my example nor yours would work in a practical environment since
regexp matches are greedy.

  -- Howard Chu
  Chief Architect, Symas Corp.       Director, Highland Sun
  http://www.symas.com               http://highlandsun.com/hyc
  Symas: Premier OpenSource Development and Support