Re: idea for access rules



> On Sun, 2010-02-21 at 13:26 +0100, masarati@aero.polimi.it wrote:
>> > I am searching for a rule like this:
>> >
>> > access
>> >   to "cn=[^,]+,ou=data1,ou=data" attrs="attr1,attr2,attr3"
>> >   by dnattr="owner of node ou=data1,ou=data" write
>>
>> Try
>>
>> access to dn.children="ou=data1,ou=data"
>>         by set="[ou=data1,ou=data]/owner & user" write
>
> Thanks for this hint. The man page for slapd.access currently says
> "The statement set=<pattern> is undocumented yet". Is there anywhere
> else a detailed documentation for this?

Yes, it's very well hidden here
<http://www.openldap.org/faq/data/cache/1133.html> :)  Updating
slapd.access(5) has been on the todo list for a long time...

> Especially, can I use regular expressions?

Yes, you should be able to figure out the syntax yourself from that link.

> Because my real need would
> be something like this:
>
> access
>   to dn.children="(ou=[^,]+,ou=data)"
>   by set="[$1]/owner & user" write
>
> so that I do not have to define a rule for each dataX-subtree...

p.
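
The following is an added example, not part of the original message or of OpenLDAP: a small Python model of how a set rule of the form `[<dn>]/owner & user` decides write access once the subtree DN is captured by a regex. It assumes the rule would be written with `dn.regex` and `set.expand` (shown in a comment); the directory contents, DNs, and helper names are constructed for illustration, and DN normalisation is deliberately crude.

```python
import re

# Constructed sample directory: DN -> attributes (all values are made up).
DIRECTORY = {
    "ou=data1,ou=data": {"owner": ["cn=alice,ou=people"]},
    "ou=data2,ou=data": {"owner": ["cn=bob,ou=people", "cn=carol,ou=people"]},
    "ou=data3,ou=data": {},  # subtree with no owner attribute
}

# Model of the generalised rule, assumed to be written as:
#   access to dn.regex="^cn=[^,]+,(ou=[^,]+,ou=data)$"
#       by set.expand="[$1]/owner & user" write
TARGET_RE = re.compile(r"^cn=[^,]+,(ou=[^,]+,ou=data)$")
SET_PATTERN = "[$1]/owner & user"


def norm(dn):
    """Crude DN normalisation: lower-case, no spaces around commas."""
    return ",".join(part.strip().lower() for part in dn.split(","))


def expand(pattern, match):
    """Substitute $1..$9 with the submatches of the target DN regex."""
    return re.sub(r"\$(\d)", lambda m: match.group(int(m.group(1))), pattern)


def eval_set(expr, user_dn):
    """Evaluate '[<dn>]/<attr> & user': attr values at dn, intersected with the binder."""
    m = re.fullmatch(r"\[(.+)\]/(\w+)\s*&\s*user", expr)
    if not m:
        raise ValueError("unsupported set expression: " + expr)
    base, attr = norm(m.group(1)), m.group(2)
    values = {norm(v) for v in DIRECTORY.get(base, {}).get(attr, [])}
    return values & {norm(user_dn)}


def may_write(user_dn, target_dn):
    """True when the rule matches target_dn and the resulting set is non-empty."""
    match = TARGET_RE.match(norm(target_dn))
    if not match:
        return False  # rule does not apply to this entry
    return bool(eval_set(expand(SET_PATTERN, match), user_dn))
```

A subtree without an `owner` value yields an empty set, so nobody gains write access through this rule there.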