Re: ACLs, groups, and regular expressions... oh my
"Paul Wilson" <email@example.com> writes:
> I have been trying to formulate an acl that will allow read access to the
> ldap server, if they are a member of any of the groups.
> Here is the acl I came up with:
> access to *
> by group="cn=(.*),dc=example,dc=com read
> by anonymous bind
> by * none
> Now as I see it anybody that is a member of any group there should get
> read access to the box. However, that of course, is not happening.
No, you don't have a group entry. Better use the dn.subtree
statement. See slapd.access(5).
Dieter Kluenter | Systemberatung
Tel:040.64861967 | Fax: 040.64891521
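
An added slapd.conf fragment, not part of the original thread, showing the dn.subtree form the reply points to next to a group clause that names one literal group entry. The container ou=people,dc=example,dc=com and the group cn=readers,ou=groups,dc=example,dc=com are hypothetical names chosen for illustration.

```conf
# Added example; ou=people and cn=readers,ou=groups are assumed names,
# not taken from the original post.
#
# slapd.access(5): the <who> clause "group" accepts only the styles
# exact and expand, and its value is the DN of a group entry.
# A pattern such as cn=(.*),dc=example,dc=com is therefore looked up
# as a literal DN, and no entry with that DN exists.

# Variant A: read access for every bound identity whose DN lies in
# the given subtree (dn.subtree matches the base entry and everything
# below it).
access to *
    by dn.subtree="ou=people,dc=example,dc=com" read
    by anonymous auth
    by * none

# Variant B: read access for members of one named group. Without an
# explicit /objectclass/attribute suffix, slapd checks the "member"
# attribute of a groupOfNames entry. Use this instead of Variant A,
# not in addition: the first "access to *" that matches an entry wins.
#
# access to *
#     by group.exact="cn=readers,ou=groups,dc=example,dc=com" read
#     by anonymous auth
#     by * none
```

In both variants `auth` is the level from slapd.access(5) that lets an anonymous connection bind, and the trailing `by * none` keeps every other identity out.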