[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: group.regex

Hash: SHA1

You;ll find the answer here:


and here:




> Hi all,
> I am just beginning to learn the syntax for access control with slapd.
> My question pertains to group regex's. The administrators manual and the
> slapd.access man page leave me a little confused.
> Quote from the slapd.access man page:
> ------------------------------------------------------------------------
> The statement dn=<pattern> means that access is granted to the matching
> DN.  The optional style qualifier dnstyle allows the  same  choices  of
> the  dn	form of the <what> field.  In addition, the regex form of
> pattern can exploit substring substitution of  submatches  in  the
> <what> dn.regex  clause  by using the form $<digit>, with digit ranging
> from 1 to 9.
> ------------------------------------------------------------------------
> Do the submatches work for groups also. For instance, take the following:
> -------------------------------------------------------------
> access to dn="cn=(.+),dc=example,dc=com"
> by group.regex="cn=$1,cn=test,dc=example,dc=com" write
> by * read
> access to * by * read
> -------------------------------------------------------------
> If they do indeed work for group.regex, then I would expect that access
> to an entry "cn=penguin,dc=example,dc=com" would be writable by the
> group "cn=penguin,cn=test,dc=example,dc=com" right?
> I tried this and it didn't work. I get insuficient rights errors when
> attempting to add an entry. Any help understanding this is appreciated.
> I'm running openldap-2.1.21 on Linux(Fedora Core 1).
> Also, does anyone know of a good book that covers access control in
> detail, or maybe links to some good tutorials or articles.
> Thanks,
> --
> Matt M.

- -- 
Ace Suares' Internet Consultancy
NIEUW ADRES: Postbus 2599, 4800 CN Breda
telefoon: 06-244 33 608
fax en voicemail: 0848-707 705
website: http://www.suares.nl * http://www.qwikzite.nl
Version: GnuPG v1.2.2-rc1-SuSE (GNU/Linux)