[Date Prev][Date Next] [Chronological] [Thread] [Top]

Sets in ACLs

To: openldap-software@OpenLDAP.org
Subject: Sets in ACLs
From: Lee Jensen <lee_jensen@sento.com>
Date: Mon, 28 Feb 2005 09:25:34 -0700

I found an answer to a question about group recursion I posted a while
ago. The Answer is to use Sets... This feature is not very properly
documented and as such I am having a bit of trouble.

I have an acl like the following:
access to dn.regex="^(ou=[^,]+(,?[^,]*,?)*ou=directory)$"
  attrs=entry
  by set.regex="([cn=alter,$1])/uniqueMember* & user" write
  by set.regex="([cn=read,$1])/uniqueMember* & user" read

Which basically gives users access to a certain ou if they or their
group is listed in the read/alter groups below the ou. Anyway the above
entry works as expected. However if I alter the by set clauses to any
one of the following it does not work:

by set.regex="([cn=alter,]+[$1])/uniqueMember* & user" write
                          ^ Only change to concatenate instead
by set="([cn=alter,]+this])/uniqueMember* & user" write
      ^             ^ Can't I use "this" to expand to the ou? 
      No regex expansion

I am also wondering is there a this/children I can use to expand to the
set of all children of 'this'?

Thanks for your time.

Lee Jensen

Follow-Ups:
- Re: Sets in ACLs
  - From: "Pierangelo Masarati" <ando@sys-net.it>
- Re: Sets in ACLs
  - From: "Pierangelo Masarati" <ando@sys-net.it>

Prev by Date: RE: Size Limits
Next by Date: monitor problem
Index(es):
- Chronological
- Thread