[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: access control question

To: openldap-software@OpenLDAP.org
Subject: Re: access control question
From: Dave Holland <dh3@sanger.ac.uk>
Date: Fri, 15 Jul 2005 17:34:40 +0100
Content-disposition: inline
In-reply-to: <20050712083630.GR25788@sanger.ac.uk>
References: <20050707130036.GK25788@sanger.ac.uk> <87fyuqv9e5.fsf@rubin.l4b.de> <20050712083630.GR25788@sanger.ac.uk>
User-agent: Mutt/1.5.6+20040907i

I wrote:
> Do you know how I could implement that? Alternatively, is there any more
> documentation for sets than is in the faq-o-matic? Some more
> configuration examples would be very welcome. Does anyone have a config
> file they'd be willing to share?

Many thanks to Hallvard B Furuseth who helped me to this rule:

access to dn.regex=",ou=([^,]+),ou=projects,...$"
  by set.expand="[cn=administrators,ou=$1,ou=projects,...]/member* & user" write
  by set.expand="[cn=readers,ou=$1,ou=projects,...]/member* & user" read
  by set.expand="[cn=readers,ou=$1,ou=projects,...]/objectClass" none
  by * read

(For OpenLDAP 2.2, use set.regex instead of set.expand.)

Dave
-- 
** Dave Holland ** Systems Support -- Special Projects Team **
** 01223 496923 ** Sanger Institute, Hinxton, Cambridge, UK **

References:
- access control question
  - From: Dave Holland <dh3@sanger.ac.uk>
- Re: access control question
  - From: "Dieter Kluenter" <dieter@dkluenter.de>
- Re: access control question
  - From: Dave Holland <dh3@sanger.ac.uk>

Prev by Date: Read Performance during Replication on Slave
Next by Date: Re: poor performance of OpenLDAP vs AD?
Index(es):
- Chronological
- Thread