
filter acl regex


I am looking for help with an ACL.  What I would like to do is determine
the name of a group that I will be searching for members of, based on an
attribute in the username.

For example, suppose you have the following user entries that contain an
attribute that we will call groupname.

dn: cn=user1,ou=users,o=mydomain.com
groupname: group1

dn: cn=user2,ou=users,o=mydomain.com
groupname: group2

Then, I have some groups.

dn: cn=group1,ou=users,o=mydomain.com
member: cn=user1,ou=users,o=mydomain.com

dn: cn=group2,ou=groups,o=mydomain.com
member: cn=user2,ou=users,o=mydomain.com

Is there a way to use the value of a filter in the what section, to be
re-used in the who section of the ACL?

For example:

access to dn.children="ou=users,o=mydomain.com" filter=(groupname=(.+))
	by group.expand="cn=$1,ou=groups,o=mydomain.com" write

Or any other way to do something similar?  Basically, I want to capture
the value of an attribute in the user and use that as part of the group to
search for members of.

Is that possible?

Thanks in advance for any suggestions you might have.
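
The access decision the message describes, modelled in Python over the entries it lists. This is an added example, not part of the original post and not slapd configuration; the function names (norm_dn, escape_rdn_value, can_write) are hypothetical and the DN normalisation is a simplifying assumption.

```python
import re

# Directory contents copied from the post, DNs exactly as posted.
USERS = {
    "cn=user1,ou=users,o=mydomain.com": {"groupname": ["group1"]},
    "cn=user2,ou=users,o=mydomain.com": {"groupname": ["group2"]},
}
GROUPS = {
    # As posted, group1 sits under ou=users, not ou=groups.
    "cn=group1,ou=users,o=mydomain.com": {"member": ["cn=user1,ou=users,o=mydomain.com"]},
    "cn=group2,ou=groups,o=mydomain.com": {"member": ["cn=user2,ou=users,o=mydomain.com"]},
}
USERS_BASE = "ou=users,o=mydomain.com"
GROUPS_BASE = "ou=groups,o=mydomain.com"

def norm_dn(dn):
    """Simplified DN normalisation (assumption): lower-case, no spaces around commas."""
    return re.sub(r"\s*,\s*", ",", dn.strip()).lower()

def escape_rdn_value(value):
    """Escape RFC 4514 special characters so the value cannot add RDNs."""
    out = re.sub(r'([\\,+"<>;])', r"\\\1", value)
    if value[:1] in ("#", " "):
        out = "\\" + out
    if len(value) > 1 and value.endswith(" "):
        out = out[:-1] + "\\ "
    return out

def can_write(requester_dn, target_dn):
    """True if requester is a member of the group named by target's groupname."""
    requester, target = norm_dn(requester_dn), norm_dn(target_dn)
    # "what" clause: entries below the users base, the base itself excluded.
    if not target.endswith("," + USERS_BASE) or target not in USERS:
        return False
    for name in USERS[target].get("groupname", []):
        # "who" clause: build the group DN from the target's attribute value.
        group_dn = norm_dn("cn=%s,%s" % (escape_rdn_value(name), GROUPS_BASE))
        members = GROUPS.get(group_dn, {}).get("member", [])
        if requester in (norm_dn(m) for m in members):
            return True
    return False  # no matching group entry or requester is not a member

if __name__ == "__main__":
    u1, u2 = sorted(USERS)
    print(can_write(u2, u2))  # group2 exists under ou=groups
    print(can_write(u1, u1))  # cn=group1,ou=groups,... is not in the data
```

Under a rule of this shape, whoever can modify an entry's groupname chooses which group governs that entry, so write access to that attribute needs its own restriction.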