[Date Prev][Date Next]
ACL syntax with wildcards
- To: openldap-technical <email@example.com>
- Subject: ACL syntax with wildcards
- From: Nick Milas <firstname.lastname@example.org>
- Date: Sat, 25 Feb 2012 13:39:24 +0200
- User-agent: Mozilla/5.0 (Windows NT 5.1; rv:10.0.2) Gecko/20120216 Thunderbird/10.0.2
We would like to use ACL statements of the form (used for illustration
access to dn.subtree="ou=people,dc=example,dc=com"
by group.exact="cn=xxxxxAdmins,ou=Groups,dc=example,dc=com" write
by group.exact="cn=allAdmins,ou=Groups,dc=example,dc=com" read
by self read
where xxxxx is some string.
In essence, we assign people entries to various administrative groups,
depending on the value of the ou attribute of the entry.
Of course we can write many statements, one per ou value / admin group,
but it would be much more concise to use just one statement using wildcards.
Could someone please suggest if and how the above can be written
correctly, using e.g. regex?
I appreciate any suggestions.