
Re: ldap ACLS with regex
On Tuesday, 15 May 2007, Jeronimo Zucco wrote:
> Now it is working, with the following ACL:
>
> access to
>         dn.regex="^cn=(.*),ou=([^,]+),ou=PersonalAddressBook,suffix$"
>         by dn.regex="uid=$2,.*,ou=People,dc=suffix$" write

If this one works, it conflicts with the example user DNs you supplied (where 
you had a cn value in the user's addressbook container matching the uid 
naming attribute in their DN).

And, even if it does work, it is, as I noted on IRC, horribly insecure. Your 
users can not expect *any* privacy with this regex.

If you can't sanitise the DNs in your examples without confusing the issue, 
maybe you should post the real DNs, so that people help you with the problem 
you have, not the one you think you have ...

Regards,
Buchan

-- 
Buchan Milne
ISP Systems Specialist - Monitoring/Authentication Team Leader
B.Eng,RHCE(803004789010797),LPIC-2(LPI000074592)

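An added check, written for this page and not taken from Buchan's mail or from the OpenLDAP project: a small Python emulation of how slapd expands `$N` from the target `dn.regex` into the `by dn.regex` clause and then runs an unanchored regex match on the binding DN. Assumptions: `dc=suffix` stands for the real base DN in both clauses (the post writes it two ways), user entries sit one OU below `ou=People`, and every DN in the sample data is constructed. It shows two things about the posted `by` clause: it needs an extra RDN between `uid=` and `ou=People`, so a user directly under `ou=People` gets nothing, and because it has no leading `^` it also grants write to any DN that merely contains `uid=alice,` somewhere in it. The tightened pattern is a hypothetical alternative, not something from the thread.

```python
import re

# Patterns as posted in the thread. "dc=suffix" is kept as the stand-in the
# poster used for the real base DN (assumption: both clauses share it).
TARGET_RE = r"^cn=(.*),ou=([^,]+),ou=PersonalAddressBook,dc=suffix$"
BY_RE_POSTED = r"uid=$2,.*,ou=People,dc=suffix$"
# Tightened <by> clause (hypothetical): left-anchored, and the segment between
# the uid RDN and ou=People must be exactly one RDN instead of anything at all.
BY_RE_TIGHT = r"^uid=$2,ou=[^,]+,ou=People,dc=suffix$"

# Constructed sample data, not taken from the thread.
ENTRY_DN = "cn=Bob Smith,ou=alice,ou=PersonalAddressBook,dc=suffix"
SUBJECT_DNS = [
    "uid=alice,ou=People,dc=suffix",                        # alice, directly under ou=People
    "uid=alice,ou=staff,ou=People,dc=suffix",               # alice, one OU deeper
    "cn=printer,uid=alice,ou=devices,ou=People,dc=suffix",  # an entry *below* some uid=alice entry
    "uid=bob,ou=People,dc=suffix",                          # a different user
]


def expand_by_pattern(by_pattern: str, target_match: re.Match) -> str:
    """Replace $N in the <by> pattern with group N captured from the target DN.

    slapd performs this substitution before compiling the <by> regex. This
    emulation escapes the captured text so it can only ever match literally;
    that is the safe choice for the emulation, not a statement about slapd.
    """
    return re.sub(
        r"\$(\d)",
        lambda m: re.escape(target_match.group(int(m.group(1)))),
        by_pattern,
    )


def writers(entry_dn: str, subject_dns: list, by_pattern: str) -> list:
    """Return the subject DNs the ACL would grant write on entry_dn.

    Matching uses re.search with IGNORECASE to mimic regexec() on a normalised
    DN: nothing is anchored unless the pattern itself says ^ or $.
    """
    target = re.search(TARGET_RE, entry_dn, re.IGNORECASE)
    if target is None:
        return []  # the ACL does not apply to this entry at all
    by_re = re.compile(expand_by_pattern(by_pattern, target), re.IGNORECASE)
    return [dn for dn in subject_dns if by_re.search(dn)]


if __name__ == "__main__":
    for label, pattern in (("posted", BY_RE_POSTED), ("tightened", BY_RE_TIGHT)):
        print(f"{label}: {pattern}")
        for dn in writers(ENTRY_DN, SUBJECT_DNS, pattern):
            print("  write:", dn)
```

Running it lists, for the posted clause, only the two DNs that contain `uid=alice,` followed by at least one more RDN before `ou=People` (one of them not alice's own entry at all); the tightened clause lists just `uid=alice,ou=staff,ou=People,dc=suffix`. Whichever shape the real user DNs have, the point is the same as Buchan's: anchor the `by` regex at both ends and make every segment as specific as the tree allows.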