
Re: ldap ACLS with regex



Buchan Milne wrote:
On Tuesday, 15 May 2007, Jeronimo Zucco wrote:
Now it is working, with the following ACL:

access to
dn.regex="^cn=(.*),ou=([^,]+),ou=PersonalAddressBook,suffix$"
by dn.regex="uid=$2,.*,ou=People,dc=suffix$" write

If this one works, it conflicts with the example user DNs you supplied (where you had a cn value in the user's addressbook container matching the uid naming attribute in their DN).


And, even if it does work, it is, as I noted on IRC, horribly insecure. Your users can not expect *any* privacy with this regex.
Yes, I'm working to migrate applications to use PersonalAddressBook under the user entry. Until then, I will use these ACLs.
If you can't sanitise the DNs in your examples without confusing the issue, maybe you should post the real DNs, so that people help you with the problem you have, not the one you think you have ...

I'm sorry if I wasn't able to explain my structure correctly; it was my fault. It wasn't my intention. Thank you all for the help.


-- Jeronimo Zucco LPIC-1 Linux Professional Institute Certified Núcleo de Processamento de Dados Universidade de Caxias do Sul

http://jczucco.blogspot.com
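The following is an added illustration, not code from the thread or from OpenLDAP: a small model of how slapd evaluates the posted `dn.regex` ACL, so the effect of the `$2` back-reference and of the missing leading `^` in the `by` clause can be seen on concrete DNs. The suffix (`dc=example,dc=com`), the sample entry and bind DNs, and the anchored variant of the `by` pattern are all my assumptions; the model assumes slapd copies capture groups into the `by` pattern verbatim before compiling it and matches case-insensitively anywhere in the DN unless the pattern is anchored.

```python
import re

# Constructed example: the list's "suffix" expanded to a concrete suffix.
SUFFIX = "dc=example,dc=com"

# Target and <by> patterns as posted in the thread, with the suffix filled in.
TARGET_PATTERN = rf"^cn=(.*),ou=([^,]+),ou=PersonalAddressBook,{SUFFIX}$"
BY_PATTERN_POSTED = rf"uid=$2,.*,ou=People,{SUFFIX}$"
# Assumption for comparison: the same clause with a leading anchor, so the bind
# DN must *begin* with the uid RDN rather than merely contain it.
BY_PATTERN_ANCHORED = rf"^uid=$2,.*,ou=People,{SUFFIX}$"


def expand_by_pattern(by_pattern, target_match):
    """Substitute $1..$9 in the <by> pattern with the target regex's captures.

    Modelled after slapd, which copies the captured text verbatim into the
    pattern and compiles the result; no escaping is applied (assumption).
    """
    return re.sub(
        r"\$(\d)",
        lambda m: target_match.group(int(m.group(1))),
        by_pattern,
    )


def acl_grants_write(target_dn, bind_dn, by_pattern=BY_PATTERN_POSTED):
    """Return True if this access directive would grant <bind_dn> write on <target_dn>."""
    # dn.regex clauses are extended regexes matched case-insensitively against the
    # normalized DN; regexec() matches anywhere unless the pattern is anchored,
    # which re.search models.
    target_match = re.search(TARGET_PATTERN, target_dn, re.IGNORECASE)
    if target_match is None:
        return False  # the directive does not apply to this entry at all
    by_regex = expand_by_pattern(by_pattern, target_match)
    return re.search(by_regex, bind_dn, re.IGNORECASE) is not None


def evaluate_samples(by_pattern=BY_PATTERN_POSTED):
    """Evaluate one address-book entry against three constructed bind DNs."""
    entry = f"cn=Alice Contact,ou=bob,ou=PersonalAddressBook,{SUFFIX}"
    binds = {
        # the user whose container the entry lives in
        "owner": f"uid=bob,ou=staff,ou=People,{SUFFIX}",
        # a different user
        "other": f"uid=alice,ou=staff,ou=People,{SUFFIX}",
        # an entry located *beneath* bob's own entry
        "child": f"cn=note,uid=bob,ou=staff,ou=People,{SUFFIX}",
    }
    return {name: acl_grants_write(entry, dn, by_pattern) for name, dn in binds.items()}


if __name__ == "__main__":
    print("posted  :", evaluate_samples())
    print("anchored:", evaluate_samples(BY_PATTERN_ANCHORED))
```

With the posted pattern the "owner" and "child" bind DNs both match, because without `^` the expanded regex `uid=bob,.*,ou=People,…$` is found anywhere in the bind DN; with the anchored variant only the DN that starts with `uid=bob` matches. Which DNs can actually exist under a user's entry depends on the rest of the ACL set, so the comparison shows only what this single clause admits.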