[Date Prev][Date Next] [Chronological] [Thread] [Top]

ACL (Regex) help needed


I have the following structure:


cn=foobar likes like:

dn: foobar,ou=aliases,dc=domain1,ou=mail,ou=services,ou=department,dc=domain,dc=foo
objectClass: inetLocalMailRecipient
objectClass: person
objectClass: top
cn: admin
sn: admin
description: added_by_dekanat
mailLocalAddress: sysop@department.domain.foo
mailRoutingAddress: foobar@department.domain.foo

At the moment I have one role "mail" that has access to:

dn.sub="ou=mail,ou=services,ou=department,dc=domain,dc=foo" read

it works as expected, the mailserver can read all entries. 

Now I want to create a role, who has permissions to delete/add/modify all entries below ou=aliases, from all domains (dc=domain,ou=mail...), but only, if "description: <string>" is found (for delete/modify only, but not for add).

Is that possible?

Otherwise, how does it look, if I throw the idea with "only if" ?

cu denny