
Re: Let "self" create new entries



On Wed, 6 May 2009 12:39:10 -0700,
Sean Burford <unix.gurus@gmail.com> wrote:

> On Tue, May 5, 2009 at 3:13 PM, Wolfgang Lorenz <wl-chmw@gmx.de>
> wrote:
> 
> > Thank you,
> >
> > I've found a way to achieve exactly what I wanted:
> >
> > # self may write subentries no one else may read...
> > access to dn.regex="^(.+,)+uid=([^,]+),ou=people,dc=example,dc=com$"
> >        by dn.regex="^uid=$2,ou=people,dc=example,dc=com$$" write
> 
> 
> Where possible I would use the self.level{-1} syntax in preference to
> regexes since it is more descriptive.  It also doesn't depend on the
> stability and performance of the OS regex libraries (which use a lot
> of malloc/frees).
> 

But the regex way gives me the possibility to give write access to the
whole subtree of the binddn, whereas I wouldn't know how to do this
using self.level...

Anyway, I don't expect many LDAP requests, which makes me think that I
can spare some mallocs and frees. ;-) But I can see that this might be
a problem on a bigger system with many more users than mine.

Cheers,
  Wolfgang
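
Added example (not part of the original messages and not OpenLDAP code): a small Python model of the ACL quoted above, showing which entries the "access to" regex selects and how $2 ties them to the bind DN. It shows that the rule covers the subtree below a user's entry at any depth, but not the user entry itself. Assumptions: $2 and $$ are expanded by plain textual substitution, the DNs are constructed samples already in normalized form, and Python's re stands in for the OS regex library that slapd uses.

```python
import re

# Patterns copied from the ACL quoted in the thread.
TARGET_RE = r"^(.+,)+uid=([^,]+),ou=people,dc=example,dc=com$"
BY_TEMPLATE = r"^uid=$2,ou=people,dc=example,dc=com$$"


def expand_by(template, match):
    """Model of the by-clause expansion: $N -> submatch N, $$ -> literal $."""
    def repl(m):
        token = m.group(1)
        return "$" if token == "$" else (match.group(int(token)) or "")
    return re.sub(r"\$(\$|[0-9])", repl, template)


def may_write(bind_dn, target_dn):
    """True if this ACL pair would grant bind_dn write on target_dn."""
    match = re.search(TARGET_RE, target_dn)
    if match is None:
        return False  # the "access to" clause does not select this entry
    who = expand_by(BY_TEMPLATE, match)
    return re.search(who, bind_dn) is not None


# Constructed sample DNs (not from the thread).
ALICE = "uid=alice,ou=people,dc=example,dc=com"
BOB = "uid=bob,ou=people,dc=example,dc=com"
CASES = [
    (ALICE, "cn=addressbook," + ALICE),          # direct child
    (ALICE, "cn=home,cn=addressbook," + ALICE),  # deeper in the subtree
    (ALICE, ALICE),                              # the user entry itself
    (BOB, "cn=addressbook," + ALICE),            # another user's subtree
]

if __name__ == "__main__":
    for bind_dn, target_dn in CASES:
        print(may_write(bind_dn, target_dn), bind_dn, "->", target_dn)
```

Because the user entry itself is not selected by this rule, whatever ACL follows it decides who may modify uid=alice itself.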