[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: Let "self" create new entries

To: openldap-software@openldap.org
Subject: Re: Let "self" create new entries
From: Wolfgang Lorenz <wl-chmw@gmx.de>
Date: Wed, 6 May 2009 00:13:51 +0200
In-reply-to: <5C9BEA741A41E41A26341854@wp>
References: <20090503041459.10ea2200@Mike> <5C9BEA741A41E41A26341854@wp>

Thank you,

I've found a way to achieve exactly what I wanted:

# self may write subentries no one else may read...
access to dn.regex="^(.+,)+uid=([^,]+),ou=people,dc=example,dc=com$"
	by dn.regex="^uid=$2,ou=people,dc=example,dc=com$$" write
# all may read family contacts (self may write)
access to dn.one="ou=people,dc=example,dc=com"
	by self write
	by users read
access to dn.base="ou=people,dc=example,dc=com"
	by users read
access to dn.base="dc=example,dc=com"
	by users read

Okay, that's not what you did, but I've found an explanation of the
regex-usage while searching for the self.level{<number>} syntax. Well,
it's in the man pages of slapd.access and I should have looked there
earlier, but I just didn't expect the possibility to use captures.

Cheers,
  Wolfgang

Follow-Ups:
- Re: Let "self" create new entries
  - From: Sean Burford <unix.gurus@gmail.com>

References:
- Let "self" create new entries
  - From: Wolfgang Lorenz <wl-chmw@gmx.de>
- Re: Let "self" create new entries
  - From: Bill MacAllister <whm@stanford.edu>

Prev by Date: Re: slapd-meta and paged results control
Next by Date: Re: openldap2.4.16 and BDB4.7 not sync configured as provider/consumer
Index(es):
- Chronological
- Thread