[Date Prev][Date Next] [Chronological] [Thread] [Top]

Sets in ACLs

I found an answer to a question about group recursion I posted a while
ago. The Answer is to use Sets... This feature is not very properly
documented and as such I am having a bit of trouble.

I have an acl like the following:
access to dn.regex="^(ou=[^,]+(,?[^,]*,?)*ou=directory)$"
  by set.regex="([cn=alter,$1])/uniqueMember* & user" write
  by set.regex="([cn=read,$1])/uniqueMember* & user" read

Which basically gives users access to a certain ou if they or their
group is listed in the read/alter groups below the ou. Anyway the above
entry works as expected. However if I alter the by set clauses to any
one of the following it does not work:

by set.regex="([cn=alter,]+[$1])/uniqueMember* & user" write
                          ^ Only change to concatenate instead
by set="([cn=alter,]+this])/uniqueMember* & user" write
      ^             ^ Can't I use "this" to expand to the ou? 
      No regex expansion

I am also wondering is there a this/children I can use to expand to the
set of all children of 'this'?

Thanks for your time.

Lee Jensen