[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: ACLs, groups, and regular expressions... oh my



man, 2003-03-10 kl. 19:38 skrev Paul Wilson:

> I've already tried that and it didn't work.  And as I added in a followup,
> this acl worked fine if I specify the domain.  The regular expression is
> just not being matched for some reason.
> 
> Any other ideas?

Yes, in the style of "It Works for Me(tm)". You really *do* have to make
the group.

GQ ldif group output:

dn: cn=peoplemanagers,ou=people,ou=groups,dc=example,dc=org
objectClass: top
objectClass: groupOfNames
cn: peoplemanagers
ou: ou=peoplemanagers,ou=groups,dc=example,dc=org
member: cn=frigget,ou=people,ou=groups,dc=example,dc=org
member: cn=horde,ou=people,ou=groups,dc=example,dc=org
member: cn=togget,ou=people,ou=groups,dc=example,dc=org

ACL rule:

access to dn="cn=.*,cn=(.*),ou=people,ou=groups,dc=example,dc=org"
  by dn="cn=$1,ou=people,ou=groups,dc=example,dc=org" write
  by group="cn=peoplemanagers,ou=people,ou=groups,dc=example,dc=org" \
     write
  
Do NOT use a "\" as delimiter in your ACL! Keep everything on one line.

"Why have I got such a strange ACL RDN?" See line 1, above.

Best,

Tony

-- 

Tony Earnshaw

All the world is mad, exceptin thee and me
and even thee's a little queer

e-post:		tonni@billy.demon.nl
www:		http://www.billy.demon.nl