[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: idea for access rules



On Sun, 2010-02-21 at 13:26 +0100, masarati@aero.polimi.it wrote:
> > I am searching for a rule like this:
> >
> > access
> >   to "cn=[^,]+,ou=data1,ou=data" attrs="attr1,attr2,attr3"
> >   by dnattr="owner of node ou=data1,ou=data" write
> 
> Try
> 
> access to dn.children="ou=data1,ou=data"
>         by set="[ou=data1,ou=data]/owner & user" write

Thanks for this hint. The man page for slapd.access currently says
"The statement set=<pattern> is undocumented yet". Is there anywhere
else a detailed documentation for this?

Especially, can I use regular expressions? Because my real need would
be something like this:

access 
  to dn.children="(ou=[^,]+,ou=data)"
  by set="[$1]/owner & user" write

so that I do not have to define a rule for each dataX-subtree...

Thanks and regards
-stefan-