
Re: ACL problem



On 10/29/05, Samuel Tran <stran@amnh.org> wrote:
> Feifei Jia wrote:
>
> >On 10/28/05, Samuel Tran <stran@amnh.org> wrote:
> >
> >
> >>On Fri, 2005-10-28 at 13:31 +0800, Feifei Jia wrote:
> >>
> >>
> >>>On 10/28/05, Samuel Tran <stran@amnh.org> wrote:
> >>>
> >>>
> >>>>On Thu, 2005-10-27 at 10:12 +0800, Feifei Jia wrote:
> >>>>
> >>>>
> >>>>>On 10/26/05, Samuel Tran <stran@amnh.org> wrote:
> >>>>>
> >>>>>
> >>>>>>On Wed, 2005-10-26 at 20:53 +0800, Feifei Jia wrote:
> >>>>>>
> >>>>>>
> >>>>>>>Hi there,
> >>>>>>>
> >>>>>>>What I want to do is:
> >>>>>>>
> >>>>>>>Let the RDN under ou=Admin,dc=com have write permission to the RDN
> >>>>>>>like uid=foo,ou=People,dc=com
> >>>>>>>
> >>>>>>>
> >>>>>>>
> >>>>>>Do you want any entries in ou=Admin,dc=com to be able to write to any
> >>>>>>entries in ou=People,dc=com?
> >>>>>>
> >>>>>>Sam
> >>>>>>
> >>>>>>
> >>>>>>
> >>>>>>
> >>>>>Yes, that's exactly what I want to do. Could you tell me how to achieve this?
> >>>>>
> >>>>>
> >>>>Try this:
> >>>>
> >>>>access to dn.subtree="ou=People,dc=com"
> >>>>        by dn.one="ou=Admin,dc=com" write
> >>>>
> >>>>Sam
> >>>>
> >>>>
> >>>>
> >>>If I want to use regex to let DN like
> >>>"uid=test,ou=Admin,dc=demo1,dc=com" can write to entries in
> >>>"ou=People,dc=demo1,dc=com", and change "demo1" to "([^,]+)" , what
> >>>should I do? It seems I cannot combine subtree with regex.
> >>>
> >>>
> >>>
> >>According to man slapd.access, this should work for you:
> >>
> >>access to dn.regex="^(.+,)?ou=People,dc=([^,]+),dc=com$"
> >>        by dn.one,expand="ou=Admin,dc=$1,dc=com"
> >>
> >>Let me know if it is fine.
> >>
> >>Sam
> >>
> >>
> >>
> >>
> >
> >It seems not to work, I only get an "Insufficient access (50)" error :(
> >Maybe "dn,one" is not a good choice?
> >
> >
> Sorry I forgot the access field. It should be:
>
> access to dn.regex="^(.+,)?ou=People,dc=([^,]+),dc=com$"
>         by dn.one,expand="ou=Admin,dc=$1,dc=com" write
>
>
> --
> Sam
>

Actually, I did add "write" in the "by" clause that day. And I ran
"slapd -d 128", it showed something like "access denied" :(

--
Thanks~
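
Added example (not part of the original thread, and not OpenLDAP code): in the regex posted above the domain component is captured by the second group, while $1 refers to the first group, (.+,)?, so the sketch below compares what the "by" pattern expands to with $1 and with $2. It is a simplified Python model of the $<digit> expansion and dn.one matching described in slapd.access(5), run on constructed DNs; the helper names expand, is_one_level_below and check are hypothetical.

```python
import re

# Simplified model of slapd's "$<digit>" expansion for a "by ...,expand" clause.
# Assumption: plain string comparison on simple DNs, case-insensitive matching.
WHAT = r"^(.+,)?ou=People,dc=([^,]+),dc=com$"   # <what> regex from the thread

def expand(pattern, match):
    """Replace $0..$9 with submatches of the <what> regex ($0 = whole match)."""
    def sub(m):
        n = int(m.group(1))
        # Unmatched or non-existent groups expand to the empty string here.
        return (match.group(n) or "") if n <= match.re.groups else ""
    return re.sub(r"\$(\d)", sub, pattern)

def is_one_level_below(who, base):
    """dn.one: <who> must be an immediate child of <base>."""
    who, base = who.lower(), base.lower()
    if not who.endswith("," + base):
        return False
    rdn = who[: -len(base) - 1]
    return "," not in rdn          # constructed DNs contain no escaped commas

def check(target_dn, bind_dn, by_pattern):
    """Return (expanded by-pattern, whether bind_dn matches it as dn.one)."""
    m = re.match(WHAT, target_dn, re.IGNORECASE)
    if m is None:
        return None, False
    base = expand(by_pattern, m)
    return base, is_one_level_below(bind_dn, base)

if __name__ == "__main__":
    # Constructed sample DNs, modelled on the ones named in the thread.
    target = "uid=foo,ou=People,dc=demo1,dc=com"
    admin = "uid=test,ou=Admin,dc=demo1,dc=com"
    other = "uid=test,ou=Admin,dc=demo2,dc=com"
    for pat in ("ou=Admin,dc=$1,dc=com", "ou=Admin,dc=$2,dc=com"):
        print(pat, "->", check(target, admin, pat))
    # An admin of another domain must not match the demo1 subtree.
    print("cross-domain ->", check(target, other, "ou=Admin,dc=$2,dc=com"))
```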