[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: ACLs, groups, and regular expressions... oh my

man, 2003-03-10 kl. 08:58 skrev Dieter Kluenter:

> > I have been trying to formulate an acl that will allow read access to the
> > ldap server, if they are a member of any of the groups.
> >
> > Here is the acl I came up with:
> >
> > access to *
> >    by group="cn=(.*),dc=example,dc=com read
> >    by anonymous bind
> >    by * none
> > Now as I see it anybody that is a member of any group there should get
> > read access to the box.  However, that of course, is not happening.
> No, you don't have a group entry. Better use the dn.subtree
> statement. See man (5) slapd.access

Just as a matter of interest, so-called dnstyles don't work on my 2.1.x
servers when I use regexes - as above. E.g. 'dn.children' doesn't work
with regexes (does without), though things like 'attr=children' *do*

Anyone else with the same experience?




Tony Earnshaw

All the world is mad, exceptin thee and me
and even thee's a little queer

e-post:		tonni@billy.demon.nl
www:		http://www.billy.demon.nl