[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: Let "self" create new entries

Thank you,

I've found a way to achieve exactly what I wanted:

# self may write subentries no one else may read...
access to dn.regex="^(.+,)+uid=([^,]+),ou=people,dc=example,dc=com$"
	by dn.regex="^uid=$2,ou=people,dc=example,dc=com$$" write
# all may read family contacts (self may write)
access to dn.one="ou=people,dc=example,dc=com"
	by self write
	by users read
access to dn.base="ou=people,dc=example,dc=com"
	by users read
access to dn.base="dc=example,dc=com"
	by users read

Okay, that's not what you did, but I've found an explanation of the
regex-usage while searching for the self.level{<number>} syntax. Well,
it's in the man pages of slapd.access and I should have looked there
earlier, but I just didn't expect the possibility to use captures.