[Date Prev][Date Next] [Chronological] [Thread] [Top]

Help with regexp substring capturing in 'filter' ACL clause

	I am trying to write an access control stanza that would
generalize over multiple groups, to replace a set of specific ones, one
per group.

	Here is what I have been using so far (we use custom schema,
cscfPersonGroupDN is an attribute in it):

access to filter=(cscfPersonGroupDN=cn=somegroup,dc=example,dc=com) attr=uidNumber
       by self read
       by dn="cn=somegroup,dc=example,dc=com" read
       by * -w break

	and it works fine. However, I need one of these for each group.
I tried to replace it with something like:

access to filter=(cscfPersonGroupDN=cn=(.*),dc=example,dc=com) attr=uidNumber
       by self read
       by dn="cn=$1,dc=example,dc=com" read
       by * -w break

	and it doesn't work. Is there any way to do substring capture
within the 'filter' clause? Can anyone help me?

|  Victor  Danilchenko  | Don't criticize a man until you've walked |
| danilche@cs.umass.edu | a mile in his moccasins -- then you'll be |
|   CSCF   |   5-4231   | a mile away, and you will have his shoes. |