
Re: ldap ACLS with regex



Sam Tran wrote:

access to dn.regex="^ou=ImpPrefs,uid=([^,]+),ou=People,dc=domain,dc=br$" attrs=children
     by dn.regex,expand="uid=$1,ou=people,dc=domain,dc=br" write
     by * none

access to dn.regex="^cn=([^,]+),ou=PersonalAddressBook,dc=domain,dc=br$" attrs=children
     by dn.regex,expand="uid=$1,ou=people,dc=domain,dc=br" write
     by * none

Sam

Thanks to everyone for the help.

ImpPrefs works ok with:

access  to dn.regex="^.*,uid=([^,]+),(.*),ou=People,dc=domain,dc=br$"
       by dn.exact,expand="uid=$1,$2,ou=People,dc=domain,dc=br"   write
       by *                                            none


But PersonalAddressBook still has problems.

With:
access to dn.regex="^cn=([^,]+),ou=PersonalAddressBook,dc=domain,dc=br$" attrs=children
     by dn.regex,expand="uid=$1,ou=people,dc=domain,dc=br" write
     by * none


Everyone can access the PersonalAddressBook of others.

With:
access to dn.regex="^.*,(uid=[^,]+,.+,ou=People,dc=domain,dc=br)$"
     by dn.exact,expand="$1" write

It is too permissive, I guess.

I also tried:
access  to dn.regex="ou=([^,]+),ou=PersonalAddressBook,dc=domain,dc=br$"
       by dn.exact,expand="uid=$1,.*"               write
       by anonymous                       read

It does not work.


access  to dn.regex="^.*,ou=([^,]+),ou=PersonalAddressBook,dc=domain,dc=br$"
       by dn.exact,expand="uid=$1,.*"               write
       by anonymous                       read

It does not work either :-(


This is an ACL mystery :-)

If you have more suggestions, I would appreciate them.


--
Jeronimo Zucco
LPIC-1 Linux Professional Institute Certified
Núcleo de Processamento de Dados
Universidade de Caxias do Sul

http://jczucco.blogspot.com
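
An added example, not part of the original post and not OpenLDAP code: a small Python model of how a `dn.regex` target passes its `$N` captures into a `by ...,expand` clause, run on constructed DNs with target patterns taken from the thread. It assumes one `ou=<uid>` container per user under `ou=PersonalAddressBook`, approximates slapd's DN normalization with case-insensitive comparison, and all function names are hypothetical.

```python
import re

BASE = "dc=domain,dc=br"  # suffix used in the thread

def target_groups(pattern, entry_dn):
    """dn.regex target: return ($0, $1, ...) if the pattern matches, else None."""
    m = re.search(pattern, entry_dn, re.IGNORECASE)
    return None if m is None else (m.group(0),) + m.groups()

def expand(template, groups):
    """Replace $0..$9 in a who-clause template with the target's captures."""
    return re.sub(r"\$(\d)", lambda m: groups[int(m.group(1))], template)

def who_matches(style, template, groups, bind_dn):
    """Compare the expanded template with the bind DN in the given style."""
    wanted = expand(template, groups)
    if style == "exact":   # dn.exact,expand: plain equality, ".*" stays literal
        return wanted.lower() == bind_dn.lower()
    if style == "regex":   # dn.regex,expand: the expanded string is a regex
        return re.search(wanted, bind_dn, re.IGNORECASE) is not None
    raise ValueError(f"unsupported style: {style}")

def check(target, style, who, entry_dn, bind_dn):
    """True if the target matches entry_dn and the who clause matches bind_dn."""
    groups = target_groups(target, entry_dn)
    return groups is not None and who_matches(style, who, groups, bind_dn)

# Constructed sample DNs (assumed layout, not taken from the poster's directory).
ALICE = f"uid=alice,ou=People,{BASE}"
MALLORY = f"uid=mallory,ou=People,{BASE}"
CONTACT = f"cn=Bob,ou=alice,ou=PersonalAddressBook,{BASE}"

# Target patterns copied from the thread.
CONTAINER_ONLY = rf"^cn=([^,]+),ou=PersonalAddressBook,{BASE}$"
BELOW_CONTAINER = rf"^.*,ou=([^,]+),ou=PersonalAddressBook,{BASE}$"
OWNER = f"uid=$1,ou=People,{BASE}"  # fully spelled-out who template

if __name__ == "__main__":
    # The anchored container pattern does not cover entries beneath it.
    print("container rule matches contact:", target_groups(CONTAINER_ONLY, CONTACT))
    # dn.exact,expand keeps ".*" as literal text, so no bind DN can equal it.
    print("exact 'uid=$1,.*':", check(BELOW_CONTAINER, "exact", "uid=$1,.*", CONTACT, ALICE))
    # A complete DN template lets the owner in and keeps other users out.
    print("owner:", check(BELOW_CONTAINER, "exact", OWNER, CONTACT, ALICE))
    print("other user:", check(BELOW_CONTAINER, "exact", OWNER, CONTACT, MALLORY))
```

Against a real configuration, `slapacl` answers the same questions using slapd's own ACL engine.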