Hi,
On Fri, 28 Jun 2013 16:50:37 +0200,
Ole <ole@free.de> wrote:
> The ACL I try to use (according to [1]) is:
>
> access to dn.regex=".+,ou=([^,]+),ou=mail,dc=example,dc=tld$"
> by dn.onelevel,expand="ou=admins,ou=$1,ou=mail,dc=example,dc=tld"
> write by * break
>
> but it doesn't take effect. After hours of thinking about the problem
> and searching on the internet I still can't get the point.
I got it. The ACL should be:
access to dn.regex=".*ou=([^,]+),ou=mail,dc=example,dc=tld$"
    by dn.onelevel,expand="ou=admins,ou=$1,ou=mail,dc=example,dc=tld" write
    by * break
The problem was that ou=somedomain.tld,ou=mail,dc=example,dc=tld can't
be your base dn if you use 'dn.regex=".+,ou=...' because it means that
there has to be at least one more entry. If you use '.*' instead of
'.+' and leave out the ',', there doesn't have to be an entry.
So with this ACL you have access to 'ou=somedomain.tld,ou=mail,dc=example,dc=tld'
and to its subtree.
Regards,
Ole
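
The difference between the two patterns in this message, as an added example that is not part of the original post. Assumptions: Python's `re` stands in for the POSIX regex matching slapd performs, the sample DNs are constructed, and the `anchored` pattern is a stricter variant added here (its capture is `$2`, not `$1`).

```python
import re

SUFFIX = r"ou=([^,]+),ou=mail,dc=example,dc=tld$"

# name -> (compiled pattern, capture group that holds the domain ou)
PATTERNS = {
    "plus_comma": (re.compile(r".+," + SUFFIX), 1),   # first ACL in the thread
    "star": (re.compile(r".*" + SUFFIX), 1),          # corrected ACL in the thread
    # Assumption, not from the thread: anchored, optional "prefix," group.
    "anchored": (re.compile(r"^(.+,)?" + SUFFIX), 2),
}

def admins_container(name, target_dn):
    """Return the DN the 'by dn.onelevel,expand=' clause expands to for
    target_dn, or None when the 'access to dn.regex=' clause does not match."""
    pattern, group = PATTERNS[name]
    m = pattern.search(target_dn)  # regex matching is unanchored unless ^/$ are used
    if m is None:
        return None
    return f"ou=admins,ou={m.group(group)},ou=mail,dc=example,dc=tld"

# Constructed sample DNs.
BASE = "ou=somedomain.tld,ou=mail,dc=example,dc=tld"
CHILD = "uid=alice," + BASE
# RDN whose attribute type merely ends in "ou" (hypothetical attribute name).
ODD = "foou=somedomain.tld,ou=mail,dc=example,dc=tld"

def report():
    """Map each pattern name to its result for BASE, CHILD and ODD."""
    return {
        name: tuple(admins_container(name, dn) for dn in (BASE, CHILD, ODD))
        for name in PATTERNS
    }

if __name__ == "__main__":
    for name, (base, child, odd) in report().items():
        print(f"{name:10} base={base is not None} "
              f"child={child is not None} odd={odd is not None}")
```

The `.+,` form skips the domain entry itself, the `.*` form covers it but also matches any RDN ending in `ou=`, and the anchored form covers the entry and its subtree only.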