[Date Prev][Date Next] [Chronological] [Thread] [Top]

dnattr access rule


I need to grant access to an entry (and its children) to another entry of my ldap that is listed in a specific attribute.

I have:


This entry has a seeAlso attribute, which contains the DN of a user able to modify it.

seeAlso: uid=bar,ou=users,dc=domain,dc=tld

I want to make uid=bar,ou=users able to modify cn=foo,ou=people and able to add children to it. The following access rule doesn't seem to be right:

access to dn="^.*cn=([^,]+),ou=people,dc=domain,dc=tld$"
	by dnattr=seeAlso write
	by *	none

Can you give me help for this please? Thanks for feedback.