
Re: ACLs - match FDN to portion of attribute



> Hi Andrew
> I finally figured it out and here is what I did:
>
> ACL
> -----
> access to attrs=uofsGroupRole val.regex="^([^:]+):.+$"
>    by dn.exact,expand="${v1}" read
>    by * none
>
> Only attribute that contains users' dn within its value is available to
> said user. It works exactly the way I want it. The only difference from
> the documentation is "${v1}", which is explained here:
> http://www.openldap.org/lists/openldap-bugs/200811/msg00078.html if you
> are interested...

I've documented this feature in slapd.access(5), as part of ITS#5804.

Thanks, p.
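
The following is an added example, not part of the original thread and not slapd's code: a small Python model of how the quoted ACL decides, value by value, what a bound DN may read. The sample values, the DNs and the simplified DN normalization are assumptions made for illustration.

```python
import re

# Value pattern taken from the ACL quoted in the message above.
VAL_REGEX = re.compile(r"^([^:]+):.+$")

def norm_dn(dn):
    """Simplified DN normalization (assumption): case-fold, trim spaces around RDNs."""
    return ",".join(part.strip().lower() for part in dn.split(","))

def value_access(value, bound_dn):
    """Access the quoted ACL gives bound_dn on a single uofsGroupRole value."""
    m = VAL_REGEX.match(value)
    if m is None:
        # The rule does not select this value. With no other rule configured,
        # slapd's implicit final "access to * by * none" applies.
        return "none"
    # by dn.exact,expand="${v1}" read: ${v1} is the first submatch of val.regex
    if bound_dn and norm_dn(bound_dn) == norm_dn(m.group(1)):
        return "read"
    # by * none
    return "none"

def visible_values(values, bound_dn):
    """Values of the attribute that bound_dn is allowed to read."""
    return [v for v in values if value_access(v, bound_dn) == "read"]

# Constructed sample data (not from the thread).
ALICE = "uid=alice,ou=people,dc=example,dc=com"
BOB = "uid=bob,ou=people,dc=example,dc=com"
SAMPLE_VALUES = [
    "uid=alice,ou=people,dc=example,dc=com:manager",
    "uid=bob,ou=people,dc=example,dc=com:member",
    "UID=Alice, ou=People, dc=example, dc=com:auditor:readonly",
    "no-delimiter-value",
]

if __name__ == "__main__":
    for who in (ALICE, BOB, ""):
        print(who or "(anonymous)", "->", visible_values(SAMPLE_VALUES, who))
```

Because the capture group is `[^:]+`, the expanded DN ends at the first colon in the value, so a value whose DN part itself contains a colon would expand to a truncated DN and match no one.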