[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: access control question

I wrote:
> Do you know how I could implement that? Alternatively, is there any more
> documentation for sets than is in the faq-o-matic? Some more
> configuration examples would be very welcome. Does anyone have a config
> file they'd be willing to share?

Many thanks to Hallvard B Furuseth who helped me to this rule:

access to dn.regex=",ou=([^,]+),ou=projects,...$"
  by set.expand="[cn=administrators,ou=$1,ou=projects,...]/member* & user" write
  by set.expand="[cn=readers,ou=$1,ou=projects,...]/member* & user" read
  by set.expand="[cn=readers,ou=$1,ou=projects,...]/objectClass" none
  by * read

(For OpenLDAP 2.2, use set.regex instead of set.expand.)

** Dave Holland ** Systems Support -- Special Projects Team **
** 01223 496923 ** Sanger Institute, Hinxton, Cambridge, UK **