Re: dnattr access rule
Mon, 16.08.2004 at 12.57, dju` wrote:
> > You don't state your OL version; ACLs are sometimes different for
> > different versions.
> oops, i forgot. i'm running 2.1.30 (latest stable on gentoo).
> > However, you could better make a groupOfNames or
> > groupOfUniqueNames and give that group write access. Works for me ;)
> well, in my case, one entry from ou=people will be only writable by a
> unique user, so i don't want to write as many ACL rules as ou=people
> entries in slapd.conf, and create a group for each ou=people entry.
> that's why i want to make a generic rule and use dnattr.
> actually i want to give access to a certain dn stored in the parent
> entry, and i believe dnattr is used on the entry i want to access to,
> and not its parent. so how could i:
> 1/ use $1 from dn="^.*cn=([^,]+),ou=people,dc=domain,dc=tld$"
> 2/ look at the seeAlso attribute of $1,ou=people,dc=domain,dc=tld
> 3/ give access to the dn stored in
> any hint to make it work please?
I guess, if you only want to grant a single dn privileges, something
    access to dn.subtree=ou=people,dc=domain,dc=tld
        by dn=cn=manager,ou=people,dc=domain,dc=tld write
Works for me (2.2 ;)
Not much point on granting rights to a single dn, without what's below
it, but you know what you want best. Try to avoid regexps where
My other notebook, a Compaq 700EA, is what my cats jump off my knee and
go and sit on, when they've had enough.
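
An added example, not part of the original message or of either poster's configuration: one generic set of slapd.conf rules that uses dnattr so each ou=people entry is writable by the DN listed in its own seeAlso attribute, instead of one rule or group per entry. It covers only the case where the attribute sits on the entry being accessed, not on a parent entry. The suffix, the manager DN and the choice of seeAlso come from the thread; the entry layout, the userPassword rule and the 2.2-style `dn.exact`/`attrs=` spelling are assumptions.

```conf
# Added example. Assumed layout: entries cn=<name>,ou=people,dc=domain,dc=tld,
# each holding a seeAlso value that names the single DN allowed to edit it.
# slapd applies the first "access to" clause that matches, so order matters.

# Rule 1: password hashes never fall through to the broad read rule below.
access to attrs=userPassword
    by self write
    by anonymous auth
    by * none

# Rule 2: keep the attribute that names the delegate out of the delegate's
# hands. If the DN listed in seeAlso could rewrite seeAlso, it could hand
# the entry to any other DN. Only the manager may change it.
access to dn.regex="^cn=[^,]+,ou=people,dc=domain,dc=tld$" attrs=seeAlso
    by dn.exact="cn=manager,ou=people,dc=domain,dc=tld" write
    by * read

# Rule 3: everything else on each person entry. dnattr=seeAlso matches when
# the bound DN equals a value of seeAlso in the entry being accessed, so one
# rule covers every entry without a group per person.
access to dn.regex="^cn=[^,]+,ou=people,dc=domain,dc=tld$"
    by dn.exact="cn=manager,ou=people,dc=domain,dc=tld" write
    by dnattr=seeAlso write
    by * read
```

The regex is anchored at both ends and has no leading `.*`, so it matches the person entries themselves and not anything stored beneath them.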