[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: Regexp in rootdn and set-resolving of monitor attr

Kilian Röhner writes:
>>> 1. Is it possible to specify a regexp as rootdn?
> (...)
> Would be nice for the future to have this (if this is the right place to
> say it).

If you want someone to remember, the right place is ITS
<http://www.openldap.org/its/>.  I doubt it'll happen anytime soon
unless someone like you contributes a patch though.

It couldn't be rootdn since that also has another function, allow Bind
with that and rootpw.  It could be 'rootaccess' or something, maybe
otherwise looking like an access statement.  But even then, OpenLDAP
internals would need some redesign.

> (...) The
> Problem is of course, that openldap has only "read" and "write" rules,
> while the last one usually implies that one can add, modify and delete.

No, "read" and "write" are shorthands for =dxcsr and =dxcsrwaz, as far
as I can see.  See 'THE <ACCESS> FIELD' in the slapd.access(5) manpage.

It helps to say what you want to achieve in addition to how you are
trying to achieve it...

> Anyone has an idea why the Monitor thing is not working?

Nope... might have a look later, it seems fine.