[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: ACL syntax with wildcards

On 27/3/2012 4:29 μμ, Joe Friedeggs wrote:

Assuming these org units are under ou=people, have you tried something like this?

Negative. ou here is an attribute of the entry, not a separate org unit.

That's why I haven't found a solution neither with regexp/expand nor with set/expand.

A solution seems to me possible only if ACL regex match/expand would be possible in filter, rather than in the <what> part, yet I don't think it's possible.

What I see as a solution is to add explicitly an owner attribute to each entry (with the appropriate owner DN) and create an ACL to test this attribute value.

Or this: http://www.openldap.org/lists/openldap-technical/201202/msg00344.html

But I still would like to have experienced people's feedback on this, before deciding.