[Date Prev][Date Next] [Chronological] [Thread] [Top]

ACL syntax with wildcards


We would like to use ACL statements of the form (used for illustration purposes):

access to dn.subtree="ou=people,dc=example,dc=com" filter="(ou=xxxxx)" attrs="someAttrs"
        by group.exact="cn=xxxxxAdmins,ou=Groups,dc=example,dc=com" write
        by group.exact="cn=allAdmins,ou=Groups,dc=example,dc=com" read
        by self read

where xxxxx is some string.

In essence, we assign people entries to various administrative groups, depending on the value of the ou attribute of the entry.

Of course we can write many statements, one per ou value / admin group, but it would be much more concise to use just one statement using wildcards.

Could someone please suggest if and how the above can be written correctly, using e.g. regex?

I appreciate any suggestions.