[Date Prev][Date Next]
Re: Regex access problem in slapd.conf
fre, 2003-01-03 kl. 14:53 skrev Tony Earnshaw:
> fre, 2003-01-03 kl. 11:32 skrev Paul Wilson:
> I'm sure many others will reply, but as far as I can see from slapd.conf
> and the debug output, you are trying to equate uid with cn. They aren't
> the same.
> The regex stuff works perfectly for me with 2.1.5 to 2.1.10, but it is
> advisable to be consequent ...
> access to * by dn="uid=(.*),ou=Users,o=ORG,c=US"
> group="cn=$1,ou=Users,o=ORG,c=US" write by
> dn="uid=Manager,ou=Users,o=ORG,c=US" write by anonymous auth
> The problem that I am having is that the $1 variable is not being
> populated. As I understand regular expressions, the (.*) should match
> on any pattern.
Hmmm ... looking at it again, the slapd.conf syntax isn't Kosher,
access to dn="cn=([^,]+),ou=Users,o=ORG,c=US"
by anonymous auth
by dn="cn=$1,ou=Users,o=ORG,c=US" read (i.e. "by self read")
by group="cn=Managers,ou=Users,o=ORG,c=US" write
by * none
The above is trash, I realize, but the syntax is o.k. as an example.
The indents and paraphrazing are important - don't put comments (like I
have done) or newlines or anything else in your rules.
When all's said and done ...
there's nothing left to say or do.