Re: regex in group ACL
Pierangelo Masarati wrote:
François Beretti wrote:
One of my access control commands in slapd.conf does not work. I would
like to know why.
access to filter="(objectClass=enatelSSOStorage)" dn.regex="*"
Assuming you're using OpenLDAP 2.2, "group.regex" is no longer
supported (as it was doing something completely different from
regexec'ing). See slapd.access(5) for details (and a replacement of
what you intend it to do).
Note that even the dn.regex="*" doesn't look so correct to me; I'd
rather use dn.regex=".*".
Finally, in case of match, you should rather use "$0", because "$1"
refers to the first submatch (i.e. enclosed between brackets), and you
don't use any brackets in the dn regex.
So your rule should rather look like
access to filter="(objectClass=enatelSSOStorage)" dn.regex=".*"
Thank you very much for your answer, Pierangelo
I am using OpenLDAP 2.1.29 as it is packaged for Fedora. The "expand"
keyword doesn't seem to be supported in this version. Is it possible to
do what I want?
I know, you're going to tell me "you should consider upgrading to
2.2.17". But I am writing software for customers who often use OpenLDAP
2.1.x, and I would really like my ACL to work with it.
SysNet - via Dossi,8 27100 Pavia Tel: +390382573859 Fax: +390382476497
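
The "$0" versus "$1" point from the quoted reply, shown with POSIX regexec() as an added example that is not part of the original thread and is not slapd's code. The helper expand_refs(), the sample DN and the templates are assumptions made up for the illustration.

```c
/* Added illustration of regexec() submatch numbering behind "$N" references.
 * expand_refs() is a hypothetical helper, not slapd code; the DN and the
 * templates are constructed samples. */
#include <regex.h>
#include <stdio.h>
#include <string.h>

/* Match dn against pattern, then copy tmpl to out with $0..$9 replaced by
 * the matching submatch; an unset submatch expands to the empty string.
 * Returns 0 on success, -1 on compile error, no match or overflow. */
int expand_refs(const char *pattern, const char *dn, const char *tmpl,
                char *out, size_t outlen)
{
    regex_t re;
    regmatch_t m[10];
    size_t o = 0;
    int rc = -1;

    if (outlen == 0 || regcomp(&re, pattern, REG_EXTENDED | REG_ICASE) != 0)
        return -1;
    if (regexec(&re, dn, 10, m, 0) != 0)
        goto done;
    for (const char *p = tmpl; *p; p++) {
        if (p[0] == '$' && p[1] >= '0' && p[1] <= '9') {
            const regmatch_t *g = &m[*++p - '0'];
            size_t len = g->rm_so < 0 ? 0 : (size_t)(g->rm_eo - g->rm_so);
            if (o + len >= outlen) goto done;
            if (len) memcpy(out + o, dn + g->rm_so, len);
            o += len;
        } else {
            if (o + 1 >= outlen) goto done;
            out[o++] = *p;
        }
    }
    out[o] = '\0';
    rc = 0;
done:
    regfree(&re);
    return rc;
}

int main(void)
{
    const char *dn = "cn=store,uid=jdoe,ou=people,dc=example,dc=com";
    char buf[256];
    /* No parentheses: $0 is the whole DN and $1 is unset. With a group, $1 is the part in parentheses. */
    if (expand_refs(".*", dn, "whole=[$0] first=[$1]", buf, sizeof buf) == 0) puts(buf);
    if (expand_refs("^cn=[^,]+,(.*)$", dn, "whole=[$0] first=[$1]", buf, sizeof buf) == 0) puts(buf);
    return 0;
}
```
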