[Date Prev][Date Next]
Re: access control question
> Do you know how I could implement that? Alternatively, is there any more
> documentation for sets than is in the faq-o-matic? Some more
> configuration examples would be very welcome. Does anyone have a config
> file they'd be willing to share?
Many thanks to Hallvard B Furuseth who helped me to this rule:
access to dn.regex=",ou=([^,]+),ou=projects,...$"
by set.expand="[cn=administrators,ou=$1,ou=projects,...]/member* & user" write
by set.expand="[cn=readers,ou=$1,ou=projects,...]/member* & user" read
by set.expand="[cn=readers,ou=$1,ou=projects,...]/objectClass" none
by * read
(For OpenLDAP 2.2, use set.regex instead of set.expand.)
** Dave Holland ** Systems Support -- Special Projects Team **
** 01223 496923 ** Sanger Institute, Hinxton, Cambridge, UK **