[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: Regexp in rootdn and set-resolving of monitor attr

Kilian Röhner writes:
> 1. Is it possible to specify a regexp as rootdn?

No, but if you use SASL (e.g. ldapsearch -H ldapi:// -QY EXTERNAL) or
proxy auth, then you can use authz-regexp to rewrite multiple DNs to
a single one which you then can use as rootDN.

> 2. In an access-rule, i have a set like:
> by set="(user + ([cn=Current,cn=Time,cn=Monitor]/monitorTimestamp)) &
> (this/modifiersName + this/createTimestamp)" write

You want to let bound users write to entries they created this second?
Cool, but fragile since the creation might happen at the end of the
second, and the next write op next second.

> But it seems, that the Monitor-Part isn't resolved correctly (returns
> empty and thus empty for the whole set).