[Date Prev][Date Next] [Chronological] [Thread] [Top]

use of the domain acl control

To: <openldap-software@OpenLDAP.org>
Subject: use of the domain acl control
From: "Jeff Christensen" <jrc001@cityxpress.com>
Date: Wed, 21 Jun 2006 09:33:25 -0700
Thread-index: AcaVUGsK6uZPfLUPS/KjjQ/4sRIl7A==

I have all my machines listed as 'cxhost' objects within:

ou=Hosts,dc=cityxpress,dc=com

I'd like to store some host specific information in my
'cxhost' object. I'd like to allow hosts to connect to
the directory anonymously but only read information 
specific to themselves.

For example the host 'bob.cityxpress.com' connects 
anonymously to the directory. This connection only
should have read access to:

cn=bob.cityxpress.com,ou=Hosts,dc=cityxpress,dc=com

Can I do this?

I've tried different formulations of the following
access control statement:

access to dn.regex="(.+),ou=Hosts,dc=cityxpress,dc=com"
        by domain.regex="$1" write

This isn't working.

I've also had less the luck getting any debug statements
regarding this.

Any advice would be appreciated.

Thanks.

Follow-Ups:
- Re: use of the domain acl control
  - From: "Kurt D. Zeilenga" <Kurt@OpenLDAP.org>

Prev by Date: Re: kill ldap: -INT or -HUP
Next by Date: Re: LDAP+SASL
Index(es):
- Chronological
- Thread