[Date Prev][Date Next]
Re: regex in group ACL
François Beretti wrote:
Pierangelo Masarati wrote:
well, the rest of my comments apply to 2.1; in that case, you need to do
access to filter="(objectClass=enatelSSOStorage)" dn.regex=".*"
Pierangelo, thank you for your answer.
With 2.1.29, $0 in group.regex did not work for me, so I used
dn.regex="(.*)" and $1 in group.regex and it worked.
Sorry about that. I think it should work, I'll investigate further (if
2.2 behaves the same; 2.1 is not maintained any more)
But the next step was to use wild cards in my group.regex line, and
they seem not to be interpreted by slapd. Am I right ?
They don't work by design. That's why the (misleading) "regex" style
name has been deprecated and removed in 2.2.
What happens in the pattern is regex __substring_expansion__, not
__match__. As such, the string resulting from pattern expansion must
match exactly the identity DN that is authorized for that operation. If
you need further expansion and matching, you may look at sets, although
I don't know if they can help you.
SysNet - via Dossi,8 27100 Pavia Tel: +390382573859 Fax: +390382476497