[Date Prev][Date Next] [Chronological] [Thread] [Top]

RE: ACI/ACL based on entry attribute values

To: "'Ugen'" <ugen@xonix.com>
Subject: RE: ACI/ACL based on entry attribute values
From: "Howard Chu" <hyc@highlandsun.com>
Date: Thu, 19 Dec 2002 16:27:55 -0800
Cc: <OpenLDAP-software@OpenLDAP.org>
Importance: Normal
In-reply-to: <3E024793.40509@xonix.com>

> -----Original Message-----
> From: owner-openldap-software@OpenLDAP.org
> [mailto:owner-openldap-software@OpenLDAP.org]On Behalf Of Ugen

> > Examples:
> >
> > access to targetattrmatch dn=".*$1$"
> >    by attrpick dn="(.*)" write
> >
> > I just let anyone above any entry have write access to
> > it's descendants.

This would be the equivalent

	access to dn=".*,(.*$)"
		by dn="$1" write

But neither my example nor yours would work in a practical environment since
regexp matches are greedy.

  -- Howard Chu
  Chief Architect, Symas Corp.       Director, Highland Sun
  http://www.symas.com               http://highlandsun.com/hyc
  Symas: Premier OpenSource Development and Support

Follow-Ups:
- Re: ACI/ACL based on entry attribute values
  - From: Ugen <ugen@xonix.com>

References:
- Re: ACI/ACL based on entry attribute values
  - From: Ugen <ugen@xonix.com>

Prev by Date: Re: ACI/ACL based on entry attribute values
Next by Date: Re: OpenLDAP 2.1.9 on Alpha Linux
Index(es):
- Chronological
- Thread