
Re: regex in group ACL

François Beretti wrote:


One of my access control commands in slapd.conf does not work. I would like to know why.

Here it is:

access to filter="(objectClass=enatelSSOStorage)" dn.regex="*" attrs="entry"
by group/enatelSSOAccountDelegation/enatelUserEntityObject.regex="cn=test1,cn=test2,$1" read

Assuming you're using OpenLDAP 2.2, "group.regex" is no longer supported (as it was doing something completely different from regexec'ing). See slapd.access(5) for details (and a replacement of what you intend it to do).
Note that even the dn.regex="*" doesn't look so correct to me; I'd rather use dn.regex=".*".
Finally, in case of match, you should rather use "$0", because "$1" refers to the first submatch (i.e. enclosed between brackets), and you don't use any brackets in the dn regex.
So your rule should rather look like

access to filter="(objectClass=enatelSSOStorage)" dn.regex=".*" attrs="entry"
by group/enatelSSOAccountDelegation/enatelUserEntityObject.expand="cn=test1,cn=test2,$0" read


SysNet - via Dossi,8 27100 Pavia Tel: +390382573859 Fax: +390382476497
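
The "$0" versus "$1" point from the reply above, as an added example that is not part of the original message and is not slapd code: it uses POSIX regcomp/regexec to show what submatch 0 and submatch 1 hold for a DN pattern with and without brackets. The function expand_dn, the sample DN and the second pattern are assumptions made for illustration.

```c
#include <regex.h>
#include <stdio.h>
#include <string.h>

#define NMATCH 10

/* Hypothetical helper: match `pattern` against `dn`, then copy `tmpl` to `out`,
 * replacing $0..$9 with the corresponding submatch of `dn`.
 * Returns 0 on success, -1 on compile error, no match, or output overflow. */
int expand_dn(const char *pattern, const char *dn, const char *tmpl,
              char *out, size_t outlen)
{
    regex_t re;
    regmatch_t m[NMATCH];
    size_t o = 0;

    if (regcomp(&re, pattern, REG_EXTENDED | REG_ICASE) != 0)
        return -1;
    int rc = regexec(&re, dn, NMATCH, m, 0);
    regfree(&re);
    if (rc != 0)
        return -1;

    for (const char *p = tmpl; *p; p++) {
        if (p[0] == '$' && p[1] >= '0' && p[1] <= '9') {
            regmatch_t *g = &m[p[1] - '0'];
            p++;                        /* consume the digit */
            if (g->rm_so < 0)
                continue;               /* no such submatch: expands to "" */
            size_t n = (size_t)(g->rm_eo - g->rm_so);
            if (o + n >= outlen) return -1;
            memcpy(out + o, dn + g->rm_so, n);
            o += n;
        } else {
            if (o + 1 >= outlen) return -1;
            out[o++] = *p;
        }
    }
    out[o] = '\0';
    return 0;
}

int main(void)
{
    const char *dn = "uid=jdoe,ou=people,dc=example,dc=com"; /* constructed */
    char buf[256];
    if (expand_dn(".*", dn, "cn=test1,cn=test2,$1", buf, sizeof buf) == 0)
        printf("no brackets, $1: %s\n", buf);   /* $1 is empty */
    if (expand_dn(".*", dn, "cn=test1,cn=test2,$0", buf, sizeof buf) == 0)
        printf("no brackets, $0: %s\n", buf);   /* $0 is the whole DN */
    if (expand_dn("^uid=[^,]+,(.*)$", dn, "cn=test1,cn=test2,$1", buf, sizeof buf) == 0)
        printf("brackets,    $1: %s\n", buf);   /* $1 is the bracketed part */
    return 0;
}
```

With no brackets in the pattern, "$1" contributes nothing and the expanded group DN ends in a trailing comma, so a rule written that way names a group that cannot match.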