Re: ACLs, groups, and regular expressions... oh my


"Paul Wilson" <elviscious@rmci.net> writes:

> I have been trying to formulate an acl that will allow read access to the
> ldap server, if they are a member of any of the groups.
> Here is the acl I came up with:
> access to *
>    by group="cn=(.*),dc=example,dc=com read
>    by anonymous bind
>    by * none

> Now as I see it anybody that is a member of any group there should get
> read access to the box.  However, that of course, is not happening.

No, you don't have a group entry. Better use the dn.subtree
statement. See slapd.access(5).

Dieter Kluenter  | Systemberatung
Tel:040.64861967 | Fax: 040.64891521
mailto: dkluenter@schevolution.com
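
The dn.subtree form the reply points to, as an added slapd.conf sketch that is not from either poster. The suffix is the one in the question; the group DN in the commented alternative is a hypothetical placeholder, and `auth` is the slapd.access(5) access level that lets anonymous clients bind.

```conf
# Added example, not part of the original thread.
#
# In a <who> clause, "group" accepts only the styles "exact" and
# "expand". "expand" substitutes submatches captured by a regex in
# the "access to" target; it never wildcard-matches group DNs, so
# a pattern such as cn=(.*) does not mean "member of any group".
#
# dn.subtree matches the bound identity itself: any authenticated
# DN at or below dc=example,dc=com gets read access.
#
# Narrower alternative, if read access should follow membership of
# one named group (hypothetical DN), replace the dn.subtree line with:
#   by group.exact="cn=readers,ou=groups,dc=example,dc=com" read
#
# "by anonymous auth" lets unauthenticated clients use entries only
# to authenticate; "by * none" denies everything else. Clauses are
# evaluated in order and the first match wins.

access to *
    by dn.subtree="dc=example,dc=com" read
    by anonymous auth
    by * none
```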