
Re: ACL syntax with wildcards



Nick Milas wrote:
Hi,

We would like to use ACL statements of the form (used for illustration
purposes):

     access to dn.subtree="ou=people,dc=example,dc=com" filter="(ou=xxxxx)"  attrs="someAttrs"
          by group.exact="cn=xxxxxAdmins,ou=Groups,dc=example,dc=com" write
          by group.exact="cn=allAdmins,ou=Groups,dc=example,dc=com" read
          by self read

where xxxxx is some string.

In essence, we assign people entries to various administrative groups,
depending on the value of the ou attribute of the entry.

Of course we can write many statements, one per ou value / admin group,
but it would be much more concise to use just one statement using wildcards.

Could someone please suggest if and how the above can be written
correctly, using e.g. regex?

If: yes.
How: RTFM.
http://www.openldap.org/doc/admin24/access-control.html#Access%20Control%20Common%20Examples

I appreciate any suggestions.

Thanks,
Nick




--
  -- Howard Chu
  CTO, Symas Corp.           http://www.symas.com
  Director, Highland Sun     http://highlandsun.com/hyc/
  Chief Architect, OpenLDAP  http://www.openldap.org/project/
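
The fallback mentioned in the question, one statement per ou value, can be generated instead of hand-written. The following is an added example, not part of the original thread or of OpenLDAP itself: the function names, the allowlist pattern and the sample ou values are assumptions, and the DNs and attrs value are copied from the post.

```python
import re

# Conservative allowlist: each value is interpolated into both a search filter
# and a group DN, so anything that would need RFC 4515 / RFC 4514 escaping
# (parentheses, '*', ',', '=', quotes, backslashes, spaces) is rejected outright.
SAFE_OU = re.compile(r"[A-Za-z0-9][A-Za-z0-9_-]*")

PEOPLE_BASE = "ou=people,dc=example,dc=com"   # from the post
GROUP_BASE = "ou=Groups,dc=example,dc=com"    # from the post
ALL_ADMINS = "cn=allAdmins," + GROUP_BASE     # from the post
ATTRS = "someAttrs"                           # placeholder used in the post


def acl_for_ou(ou):
    """Return one slapd.conf 'access to' statement for a single ou value."""
    if not SAFE_OU.fullmatch(ou):
        raise ValueError(f"unsafe ou value: {ou!r}")
    # Continuation lines must begin with whitespace in slapd.conf.
    return "\n".join([
        f'access to dn.subtree="{PEOPLE_BASE}" filter="(ou={ou})" attrs="{ATTRS}"',
        f'    by group.exact="cn={ou}Admins,{GROUP_BASE}" write',
        f'    by group.exact="{ALL_ADMINS}" read',
        "    by self read",
    ])


def build_acls(ou_values):
    """Generate one statement per distinct ou value, refusing duplicates."""
    seen = set()
    blocks = []
    for ou in ou_values:
        key = ou.lower()  # ou is matched case-insensitively
        if key in seen:
            raise ValueError(f"duplicate ou value: {ou!r}")
        seen.add(key)
        blocks.append(acl_for_ou(ou))
    return "\n\n".join(blocks) + "\n"


if __name__ == "__main__":
    # Constructed sample values, not taken from the thread.
    print(build_acls(["physics", "chemistry"]))
```
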