[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: group.regex

To: <pwadas@jewish.org.pl>
Subject: Re: group.regex
From: "Pierangelo Masarati" <ando@sys-net.it>
Date: Mon, 19 Apr 2004 08:21:22 +0200 (CEST)
Cc: <openldap-software@OpenLDAP.org>
Importance: Normal
In-reply-to: <Pine.LNX.4.21.0404190748100.11341-100000@kehillah.jewish.org.pl>
References: <200404182204.22366.ace@suares.nl> <Pine.LNX.4.21.0404190748100.11341-100000@kehillah.jewish.org.pl>

> Does anyone knows in which version this is/will be fixed? I'm currently
> using 2.1.29/i386/bdb 4.52.

Never, since it's not a bug, but the intended behavior.

p.

>
> Regards
> P.
>
>> -----BEGIN PGP SIGNED MESSAGE-----
>> Hash: SHA1
>>
>>
>> You;ll find the answer here:
>>
>> 	http://www.openldap.org/lists/openldap-bugs/200310/msg00089.html
>>
>> and here:
>>
>> 	http://www.openldap.org/lists/openldap-software/200310/msg00328.html
>>
>> greetings,
>>
>>
>> _+Ace
>>
>>
>>
>> > Hi all,
>> >
>> > I am just beginning to learn the syntax for access control with
>> slapd. My question pertains to group regex's. The administrators
>> manual and the slapd.access man page leave me a little confused.
>> >
>> > Quote from the slapd.access man page:
>> > ------------------------------------------------------------------------
>> The statement dn=<pattern> means that access is granted to the
>> matching DN.  The optional style qualifier dnstyle allows the  same
>> choices  of the  dn	form of the <what> field.  In addition, the
>> regex form of pattern can exploit substring substitution of
>> submatches  in  the <what> dn.regex  clause  by using the form
>> $<digit>, with digit ranging from 1 to 9.
>> > ------------------------------------------------------------------------
>> >
>> > Do the submatches work for groups also. For instance, take the
>> following:
>> >
>> > -------------------------------------------------------------
>> > access to dn="cn=(.+),dc=example,dc=com"
>> > by group.regex="cn=$1,cn=test,dc=example,dc=com" write
>> > by * read
>> >
>> > access to * by * read
>> > -------------------------------------------------------------
>> >
>> > If they do indeed work for group.regex, then I would expect that
>> access to an entry "cn=penguin,dc=example,dc=com" would be writable
>> by the group "cn=penguin,cn=test,dc=example,dc=com" right?
>> >
>> > I tried this and it didn't work. I get insuficient rights errors
>> when attempting to add an entry. Any help understanding this is
>> appreciated. I'm running openldap-2.1.21 on Linux(Fedora Core 1).
>> >
>> > Also, does anyone know of a good book that covers access control in
>> detail, or maybe links to some good tutorials or articles.
>> >
>> > Thanks,
>> >
>> > --
>> > Matt M.
>>
>> - --
>> Ace Suares' Internet Consultancy
>> NIEUW ADRES: Postbus 2599, 4800 CN Breda
>> telefoon: 06-244 33 608
>> fax en voicemail: 0848-707 705
>> website: http://www.suares.nl * http://www.qwikzite.nl
>> -----BEGIN PGP SIGNATURE-----
>> Version: GnuPG v1.2.2-rc1-SuSE (GNU/Linux)
>>
>> iD8DBQFAgzOmy7boE8xtIjURAiL0AJ4hRIRcoi6328l+CX8hvVVV3WxeLACfb9Q5
>> Bit5JHwaBDumGz0Mm3elQGA=
>> =1y2Z
>> -----END PGP SIGNATURE-----
>>
>>


-- 
Pierangelo Masarati
mailto:pierangelo.masarati@sys-net.it

References:
- Re: group.regex
  - From: Ace Suares <ace@suares.nl>
- Re: group.regex
  - From: Piotr Wadas <pwadas@jewish.org.pl>

Prev by Date: Re: group.regex
Next by Date: Re: slapd.conf include with globbing?
Index(es):
- Chronological
- Thread