[Date Prev][Date Next]
Re: ACLs, groups, and regular expressions... oh my
I've already tried that and it didn't work. And as I added in a followup,
this acl worked fine if I specify the domain. The regular expression is
just not being matched for some reason.
Any other ideas?
> "Paul Wilson" <email@example.com> writes:
>> I have been trying to formulate an acl that will allow read access to
>> the ldap server, if they are a member of any of the groups.
>> Here is the acl I came up with:
>> access to *
>> by group="cn=(.*),dc=example,dc=com read
>> by anonymous bind
>> by * none
>> Now as I see it anybody that is a member of any group there should get
>> read access to the box. However, that of course, is not happening.
> No, you don't have a group entry. Better use the dn.subtree
> statement. See man (5) slapd.access
> Dieter Kluenter | Systemberatung
> Tel:040.64861967 | Fax: 040.64891521
> mailto: firstname.lastname@example.org