[Date Prev][Date Next]
[Chronological]
[Thread]
[Top]
Re: AW: Regex access problem
At 11:16 AM 5/6/2004, Karlheinz Toni wrote:
>> -----Ursprüngliche Nachricht-----
>> Von: Kurt D. Zeilenga [mailto:Kurt@OpenLDAP.org]
>> Gesendet: Donnerstag, 6. Mai 2004 19:43
>> An: Karlheinz Toni
>> Cc: openldap-software@OpenLDAP.org
>> Betreff: Re: Regex access problem
>>
>> At 06:25 AM 5/6/2004, Karlheinz Toni wrote:
>> >Hi there,
>> >
>> >my ldap has the following structure
>> >
>> >dc=de
>> >---dc=test
>> >------ou=users
>> >---------cn=peter
>> >---------cn=charly
>> >---------cn=juergen
>> >------ou=contexts
>> >---------ou=peter
>> >---------ou=charly
>> >---------ou=juergen
>> >
>> >I wonder how to allow each entry in the users-hierarchy write access
>> >only the according entry in the contexts-hierarchs?
>> >
>> >I tried:
>> >
>> >access to dn.regex="^cn=.*,ou=users,REST$" attrs=entry,children
>> > by dn.regex="^ou=$1,ou=contexts,REST$" write
>>
>> It seems you have your subject and target reversed. Maybe something
>> like this...
>> access to dn.regex="^([^,]+,)*cn=([^,]+),ou=contexts,REST$"
>> by dn.regex="^ou=$2,ou=users,REST$" write
>>
>> Kurt
>
>Hi there,
>
>of course Kurt was right, I mixed the two up.. :(. But it still does not
>work.
Suggest you use the server logs to figure out what's going astray...
>I tried your suggestion and
>
>access to dn.regex="^ou=.+, ou=contexts,REST$" attrs=entry,children
> by dn.regex="^cn=$1, ou=users,REST$" write
>
>but none seems to work...
Those regexes cannot possibly match any DN string due to the extra
space of the RDN separator (','). (I also assume REST is actually
replaced with the rest of these DN strings.)