[Date Prev][Date Next] [Chronological] [Thread] [Top]

Tricky ACL

Title: Tricky ACL

Hello everyone,

I'm trying to figure out how to do a particularly tricky ACL.  Basically, I have a People branch and an Account branch.  The people branch has an attribute per entry called accountName which is the UID of their account in the account branch (the uid forms the dn of the account branch but the accountName attribute is just the uid, not the full dn).  People bind to the directory using their account entry, not their person entry.  I want to create an ACL such that a person bound to an account can read attributes associated with their person account.  I tried the following but slapd complained:

access to dn.subtree="cn=people,dc=uta,dc=edu"
attrs="entry,someAttribute,accountName val=$1"
by dn.regex="uid=(.*),cn=accounts,dc=uta,dc=edu" peername.regex="129.107.*" read

When I did this, it would complain of unknown attribute "accountName val=$1".

Is what I am trying to do even possible?

-- DK