
Re: Help with ACL's



Tyler Gates wrote:
Hello,
   I'm having a hard time setting some ACL's for my particular setup. I
have a structure as follows:

dn: uid=*,ou=people,dc=example,dc=com # uid contains several unix/linux user ids
dn: cn=*,ou=groups,dc=example,dc=com # cn contains several unix/linux groups. uid's (not the complete dn) are supplied to the memberUid fields

What I would like to do is place an organizationalRole in each group
and have ACL's setup so that its uniqueMembers have access to certain
attrs (say for example sn) for the uid's (which correspond to those in
ou=people) specified in the memberUid fields of the group in which the
organizationalRole is placed.

Pseudo code would be something as follows:

access to
group/posixAccount/memberUid.regex("cn=(.*),ou=groups,dc=example,dc=com")
attrs sn by
group/organizationalRole/uniqueMembers/.regex("cn=admin,cn=$1,ou=groups,dc=example,dc=com")
write

Thanks,
    Tyler


Hi,

you can use sets for this:

   access to dn.regex="^(cn=[^,]+,ou=groups,dc=example,dc=com)$"
   attrs="sn"
      by set.expand="[cn=admin,$1]/memberUid & user/uid" write


Regards,
Christian
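
Added example, not part of the original thread and not slapd's own code: a small Python model of how the rule above is evaluated, so you can see which (target entry, bound user) pairs it grants sn write to. The directory contents and the function names are constructed for illustration, and only the two operand forms used in the rule ("[dn]/attr" and "user/attr") joined by "&" are modelled.

```python
import re

# Constructed sample directory: DN -> attributes (all values are made up).
DIRECTORY = {
    "cn=staff,ou=groups,dc=example,dc=com": {"memberUid": ["alice", "bob"]},
    "cn=admin,cn=staff,ou=groups,dc=example,dc=com": {"memberUid": ["alice"]},
    "cn=ops,ou=groups,dc=example,dc=com": {"memberUid": ["carol"]},
    "cn=admin,cn=ops,ou=groups,dc=example,dc=com": {"memberUid": ["dave"]},
    "uid=alice,ou=people,dc=example,dc=com": {"uid": ["alice"]},
    "uid=bob,ou=people,dc=example,dc=com": {"uid": ["bob"]},
    "uid=dave,ou=people,dc=example,dc=com": {"uid": ["dave"]},
}

# Target pattern and set expression copied from the rule in the reply.
TARGET_RE = re.compile(r"^(cn=[^,]+,ou=groups,dc=example,dc=com)$", re.I)
SET_TEMPLATE = "[cn=admin,$1]/memberUid & user/uid"


def expand(template, match):
    """Substitute $1..$9 with the dn.regex captures (what set.expand adds)."""
    return re.sub(r"\$(\d)", lambda m: match.group(int(m.group(1))), template)


def eval_operand(term, user_dn):
    """Resolve '[dn]/attr' or 'user/attr' to the set of attribute values."""
    base, attr = term.strip().rsplit("/", 1)
    dn = user_dn if base == "user" else base.strip("[]")
    # DNs are looked up case-insensitively in this model.
    return set(DIRECTORY.get(dn.lower(), {}).get(attr, []))


def sn_write_allowed(target_dn, user_dn):
    """True if this one rule grants write on sn; False means the rule does
    not apply or does not match (slapd would then consult later rules)."""
    m = TARGET_RE.match(target_dn)
    if not m:
        return False  # entry is outside the rule's dn.regex target
    left, right = expand(SET_TEMPLATE, m).split("&")
    # '&' is set intersection; a non-empty result grants the access level.
    return bool(eval_operand(left, user_dn) & eval_operand(right, user_dn))


if __name__ == "__main__":
    for target in ("cn=staff,ou=groups,dc=example,dc=com",
                   "uid=bob,ou=people,dc=example,dc=com"):
        for user in ("alice", "bob", "dave"):
            udn = f"uid={user},ou=people,dc=example,dc=com"
            print(target, user, sn_write_allowed(target, udn))
```

In this model the rule's target only matches entries one level below ou=groups, so it never applies to the uid=... entries under ou=people or to the nested cn=admin entries themselves.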