
Re: Regex access problem in slapd.conf



I have actually tried the regex you mentioned ([^,]*) with no success either.

You also mentioned that the uid and the cn aren't the same, which is true.
In fact, I have actually dumbed down what I am really trying to do,
hoping to get a first step towards solving my real problem.

The real uids are in the form of an email address, i.e.
uid=memphis@someorg.org, blah blah blah.  The cn is a group, in the form
of the domain, i.e. cn=someorg.org, blah blah blah.  So my original regex
was more along the lines of:
access to * by dn=uid=([a-zA-Z0-9]*)@(.*),ou=Users,o=ORG,c=US

I'll try your example just to make sure, since it was some late night work
last night, but I'm quite sure that I have used that one and it did not
populate the vars either.

thanks
pmw

> Fri, 2003-01-03 at 14:53, Tony Earnshaw wrote:
>
>> Fri, 2003-01-03 at 11:32, Paul Wilson wrote:
>>
>> I'm sure many others will reply, but as far as I can see from
>> slapd.conf and the debug output, you are trying to equate uid with cn.
>> They aren't the same.
>>
>> The regex stuff works perfectly for me with 2.1.5 to 2.1.10, but it is
>> advisable to be consequent ...
>
>> access to * by dn="uid=(.*),ou=Users,o=ORG,c=US"
>> group="cn=$1,ou=Users,o=ORG,c=US" write by
>> dn="uid=Manager,ou=Users,o=ORG,c=US" write by anonymous auth
>>
>> The problem that I am having is that the $1 variable is not being
>> populated.  As I understand regular expressions, the (.*) should match
>> on any pattern.
>
> Hmmm ... looking at it again, the slapd.conf syntax isn't Kosher,
> either.
>
> access to dn="cn=([^,]+),ou=Users,o=ORG,c=US"
>   by anonymous auth
>   by dn="cn=$1,ou=Users,o=ORG,c=US" read (i.e. "by self read")
>   by group="cn=Managers,ou=Users,o=ORG,c=US" write
>   by * none
>
> The above is trash, I realize, but the syntax is o.k. as an example.
>
> The indents and paraphrasing are important - don't put comments (like I
> have done) or newlines or anything else in your rules.
>
> Best,
>
> Tony
>
> --
>
> Tony Earnshaw
>
> When all's said and done ...
> there's nothing left to say or do.
>
> e-mail:		tonni@billy.demon.nl
> www:		http://www.billy.demon.nl
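
Added example, not part of the original thread: a small Python model of the capture-and-substitute step the messages discuss, showing what `$1` and `$2` would hold for the email-style uid and why `(.*)` is a looser capture than `([^,]+)` in an access rule. Python's `re` stands in for slapd's regex engine here (an assumption); the `STRICT` pattern, the `cn=$2` group template and the second DN are constructed for illustration.

```python
import re

# Pattern from the message above (unanchored, greedy second group).
LOOSE = r"uid=([a-zA-Z0-9]*)@(.*),ou=Users,o=ORG,c=US"
# Hypothetical tightened form: anchored, captures cannot cross an RDN comma.
STRICT = r"^uid=([a-zA-Z0-9]+)@([^,]+),ou=Users,o=ORG,c=US$"
# Hypothetical group template: the domain capture names the group entry.
GROUP = "cn=$2,ou=Users,o=ORG,c=US"

def expand(pattern, template, dn):
    """Match dn against pattern and fill $1..$9 in template.

    Returns the expanded string, or None when the DN does not match.
    Assumption: case-insensitive search semantics, as an ACL regex
    without ^ and $ may match anywhere in the DN.
    """
    m = re.search(pattern, dn, re.IGNORECASE)
    if m is None:
        return None

    def fill(ref):
        n = int(ref.group(1))
        # An unknown or non-participating group expands to nothing.
        return (m.group(n) or "") if n <= m.re.groups else ""

    return re.sub(r"\$(\d)", fill, template)

# Constructed sample DNs.
DIRECT = "uid=memphis@someorg.org,ou=Users,o=ORG,c=US"
NESTED = "uid=memphis@someorg.org,ou=Temp,ou=Users,o=ORG,c=US"

def report():
    """Expand the group template for each pattern/DN pair."""
    return {
        (name, dn): expand(pat, GROUP, dn)
        for name, pat in (("loose", LOOSE), ("strict", STRICT))
        for dn in (DIRECT, NESTED)
    }

if __name__ == "__main__":
    for (name, dn), group in report().items():
        print(f"{name:6} {dn}\n       -> {group}")
```

With the loose pattern the nested DN still matches and `$2` swallows `,ou=Temp`, so the rule would be evaluated against a group DN the author never intended; the strict pattern simply does not match that entry.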