
Re: Regex access problem in slapd.conf

A single line fix in the line reading function will let you put comments
inside ACL rules (and any other "multiline" options).
Is anyone out there interested?

Tony Earnshaw wrote:

On Fri, 2003-01-03 at 14:53, Tony Earnshaw wrote:

On Fri, 2003-01-03 at 11:32, Paul Wilson wrote:

I'm sure many others will reply, but as far as I can see from slapd.conf
and the debug output, you are trying to equate uid with cn. They aren't
the same.

The regex stuff works perfectly for me with 2.1.5 to 2.1.10, but it is
advisable to be consequent ...

access to * by dn="uid=(.*),ou=Users,o=ORG,c=US"
group="cn=$1,ou=Users,o=ORG,c=US" write by
dn="uid=Manager,ou=Users,o=ORG,c=US" write by anonymous auth

The problem that I am having is that the $1 variable is not being
populated. As I understand regular expressions, the (.*) should match
on any pattern.

Hmmm ... looking at it again, the slapd.conf syntax isn't Kosher, either.

access to dn="cn=([^,]+),ou=Users,o=ORG,c=US"
 by anonymous auth
 by dn="cn=$1,ou=Users,o=ORG,c=US" read (i.e. "by self read")
 by group="cn=Managers,ou=Users,o=ORG,c=US" write
 by * none

The above is trash, I realize, but the syntax is o.k. as an example.

The indents and paraphrasing are important - don't put comments (like I
have done) or newlines or anything else in your rules.
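
An added example, not part of the thread and not OpenLDAP code: a small lint for the two problems discussed above. As in the reply's rule, `$1` in a `by` clause is filled from a group captured by the DN regex in the `to` clause, so `access to *` leaves it unpopulated; the second check follows the advice about comments inside a rule. The function names and the simplified parsing are assumptions, and the sample rules are constructed from the ones quoted in the thread.

```python
import re

# Constructed sample: the rule from the question laid out on continuation
# lines, then the reply's pattern with a comment line placed inside the rule.
SAMPLE = '''\
access to *
 by dn="uid=(.*),ou=Users,o=ORG,c=US" group="cn=$1,ou=Users,o=ORG,c=US" write
 by dn="uid=Manager,ou=Users,o=ORG,c=US" write
 by anonymous auth
access to dn="cn=([^,]+),ou=Users,o=ORG,c=US"
 by anonymous auth
 # owner may read
 by dn="cn=$1,ou=Users,o=ORG,c=US" read
 by * none
'''

def join_rules(text):
    """Join continuation lines; return [[first_line, rule, findings], ...]."""
    rules, cur, gap = [], None, None
    for no, raw in enumerate(text.splitlines(), 1):
        body = raw.strip()
        if not body or body.startswith("#"):
            gap = no if cur is not None else None    # only matters mid-rule
            continue
        if raw[0] in " \t" and cur is not None:      # continuation line
            if gap:
                cur[2].append(f"line {gap}: comment or blank line inside rule")
            cur[1] += " " + body
        else:                                        # a new directive starts
            cur = [no, body, []] if body.startswith("access ") else None
            if cur:
                rules.append(cur)
        gap = None
    return rules

def lint(text):
    """Return findings for broken-up rules and unpopulated $N references."""
    out = []
    for first, rule, findings in join_rules(text):
        out += findings
        what, _, who = rule.partition(" by ")
        pat = re.search(r'\bdn(?:\.regex)?="([^"]*)"', what)
        # Assumption: Python's re counts groups like the POSIX regex slapd uses.
        groups = re.compile(pat.group(1)).groups if pat else 0
        for ref in sorted(set(re.findall(r"\$(\d)", who))):
            if int(ref) > groups:
                out.append(f"line {first}: ${ref} used, but the 'to' clause "
                           f"captures {groups} group(s)")
    return out

if __name__ == "__main__":
    print("\n".join(lint(SAMPLE)))
```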