[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: <attrlist> syntax in ACLs

To: <openldap-technical@openldap.org>
Subject: Re: <attrlist> syntax in ACLs
From: Pierangelo Masarati <pierangelo.masarati@polimi.it>
Date: Tue, 14 Oct 2014 09:57:58 +0200
In-reply-to: <543CD240.70905@polimi.it>
References: <CAJoHRig7FvOSuQ-tGV2dOOCZBZks-aUc12sCAoS=0c6vu5voWA@mail.gmail.com> <543CD240.70905@polimi.it>
User-agent: Mozilla/5.0 (X11; Linux x86_64; rv:31.0) Gecko/20100101 Thunderbird/31.1.2

On 10/14/2014 09:35 AM, Pierangelo Masarati wrote:

On 10/14/2014 09:03 AM, Nikos Voutsinas wrote:

Hi all,

Although I suspect what the answer would be, I thought It might be a
good idea to confirm with the list.

Is the following <attrlist> clause in OpenLdap's ACLs syntax valid;

<attr1> [val[.<basic-style>]=<regex>],<attr2>

e.g.
to dn.subtree="ou=People,dc=foo,dc=com"
  attrs=entry,objectClass val.regex="objvalue1|objvalue2",attr1,attr2
  by <who> <what>


No.  When "val=..." is used, only one attr must appear in the list.

Sorry, I involuntarily hit "send" too soon. You can find this bit ofinfo in slapd.access(5):

Using the form attrs=<attr> val[/matchingRule][.<attrstyle>]=<attrval>specifies access to a particular value of a single attribute. In

       this  case,  only  a single attribute type may be given.

p.

p.



--
Pierangelo Masarati
Associate Professor
Dipartimento di Scienze e Tecnologie Aerospaziali
Politecnico di Milano

Follow-Ups:
- Re: <attrlist> syntax in ACLs
  - From: Aaron Richton <richton@nbcs.rutgers.edu>

References:
- <attrlist> syntax in ACLs
  - From: Nikos Voutsinas <nvoutsin@gmail.com>
- Re: <attrlist> syntax in ACLs
  - From: Pierangelo Masarati <pierangelo.masarati@polimi.it>

Prev by Date: Re: <attrlist> syntax in ACLs
Next by Date: Re: translucent overlay add an attribute to all users in a OU and subtree
Index(es):
- Chronological
- Thread