[Date Prev][Date Next]
Re: ldap ACLS with regex
Buchan Milne escreveu:
On Tuesday, 15 May 2007, Jeronimo Zucco wrote:Yes, I'm working for migrate aplications to use PersonalAddressBook
under the user entry. Until there, I will use this acls.
Now it is working, with the following ACL:
by dn.regex="uid=$2,.*,ou=People,dc=suffix$" write
If this one works, it conflicts the the example user DNs you supplied (where
you had a cn value in the user's addressbook container matching the uid
naming attribute in their DN).
And, even if it does work, it is, as I noted on IRC, horribly insecure. Your
users can not expect *any* privacy with this regex.
If you can't sanitise the DNs in your examples without confusing the issue,
maybe you should post the real DNs, so that people help you with the problem
you have, not the one you think you have ...I'm sorry if I wasn't able to explain correct my structure, it was my
fault. It wasn't my intention. Thank you for help to all.
LPIC-1 Linux Professional Institute Certified
Núcleo de Processamento de Dados
Universidade de Caxias do Sul