[Date Prev][Date Next]
Re: ACLs, groups, and regular expressions... oh my
man, 2003-03-10 kl. 08:58 skrev Dieter Kluenter:
> > I have been trying to formulate an acl that will allow read access to the
> > ldap server, if they are a member of any of the groups.
> > Here is the acl I came up with:
> > access to *
> > by group="cn=(.*),dc=example,dc=com read
> > by anonymous bind
> > by * none
> > Now as I see it anybody that is a member of any group there should get
> > read access to the box. However, that of course, is not happening.
> No, you don't have a group entry. Better use the dn.subtree
> statement. See man (5) slapd.access
Just as a matter of interest, so-called dnstyles don't work on my 2.1.x
servers when I use regexes - as above. E.g. 'dn.children' doesn't work
with regexes (does without), though things like 'attr=children' *do*
Anyone else with the same experience?
All the world is mad, exceptin thee and me
and even thee's a little queer