[Date Prev][Date Next]
Re: idea for access rules
> On Sun, 2010-02-21 at 13:26 +0100, firstname.lastname@example.org wrote:
>> > I am searching for a rule like this:
>> > access
>> > to "cn=[^,]+,ou=data1,ou=data" attrs="attr1,attr2,attr3"
>> > by dnattr="owner of node ou=data1,ou=data" write
>> access to dn.children="ou=data1,ou=data"
>> by set="[ou=data1,ou=data]/owner & user" write
> Thanks for this hint. The man page for slapd.access currently says
> "The statement set=<pattern> is undocumented yet". Is there anywhere
> else a detailed documentation for this?
Yes, it's very well hidden here
<http://www.openldap.org/faq/data/cache/1133.html> :) Updating
slapd.access(5) has been on the todo list for long time...
> Especially, can I use regular expressions?
Yes, you should be able to figure out the syntax yourself from that link.
> Because my real need would
> be something like this:
> to dn.children="(ou=[^,]+,ou=data)"
> by set="[$1]/owner & user" write
> so that I do not have to define a rule for each dataX-subtree...