[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: ACLs, groups, and regular expressions... oh my

I've already tried that and it didn't work.  And as I added in a followup,
this acl worked fine if I specify the domain.  The regular expression is
just not being matched for some reason.

Any other ideas?


> Hi,
> "Paul Wilson" <elviscious@rmci.net> writes:
>> I have been trying to formulate an acl that will allow read access to
>> the ldap server, if they are a member of any of the groups.
>> Here is the acl I came up with:
>> access to *
>>    by group="cn=(.*),dc=example,dc=com read
>>    by anonymous bind
>>    by * none
>> Now as I see it anybody that is a member of any group there should get
>> read access to the box.  However, that of course, is not happening.
> No, you don't have a group entry. Better use the dn.subtree
> statement. See man (5) slapd.access
> -Dieter
> --
> Dieter Kluenter  | Systemberatung
> Tel:040.64861967 | Fax: 040.64891521
> mailto: dkluenter@schevolution.com
> http://www.schevolution.com/tour