[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: regex in group ACL

François Beretti wrote:

Pierangelo Masarati wrote:

well, the rest of my comments apply to 2.1; in that case, you need to do

access to filter="(objectClass=enatelSSOStorage)" dn.regex=".*" attrs="entry"
by group/enatelSSOAccountDelegation/enatelUserEntityObject.regex="cn=test1,cn=test2,$0" read

Pierangelo, thank you for your answer.

With 2.1.29, $0 in group.regex did not work for me, so I used dn.regex="(.*)" and $1 in group.regex and it worked.

Sorry about that. I think it should work, I'll investigate further (if 2.2 behaves the same; 2.1 is not maintained any more)

But the next step was to use wild cards in my group.regex line, and they seem not to be interpreted by slapd. Am I right ?

They don't work by design. That's why the (misleading) "regex" style name has been deprecated and removed in 2.2.
What happens in the pattern is regex __substring_expansion__, not __match__. As such, the string resulting from pattern expansion must match exactly the identity DN that is authorized for that operation. If you need further expansion and matching, you may look at sets, although I don't know if they can help you.


SysNet - via Dossi,8 27100 Pavia Tel: +390382573859 Fax: +390382476497