[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: ACL syntax with wildcards

To: openldap-technical@openldap.org
Subject: Re: ACL syntax with wildcards
From: Dieter KlÃnter <dieter@dkluenter.de>
Date: Tue, 27 Mar 2012 15:09:36 +0200
In-reply-to: <4F71B142.8010504@eurobjects.com>
Organization: AVCI
References: <4F48C86C.6070804@eurobjects.com> <4F497A3E.5010606@symas.com> <4F4A15E0.4060908@eurobjects.com> <4F71B142.8010504@eurobjects.com>

Am Tue, 27 Mar 2012 15:23:30 +0300
schrieb Nick Milas <nick@eurobjects.com>:

> On 26/2/2012 1:22 ÎÎ, Nick Milas wrote:
> 
> > It seems to me that it would require to use regex *in a filter* and 
> > then group.expand based on the results. But is this possible? Any 
> > alternatives? 
> 
> Hmm, no one?
> 
> Let me re-phrase: Can we express the following three statements using 
> ONE ACL statement? I haven't been able to find a solution.
> 
> access to dn.subtree="ou=people,dc=example,dc=com"
> filter="(ou=dept1)" attrs="attr1,attr2"
>          by group.exact="cn=dept1Admins,ou=Groups,dc=example,dc=com"
> write
> 
> access to dn.subtree="ou=people,dc=example,dc=com"
> filter="(ou=dept2)" attrs="attr1,attr2"
>          by group.exact="cn=dept2Admins,ou=Groups,dc=example,dc=com"
> write
> 
> access to dn.subtree="ou=people,dc=example,dc=com"
> filter="(ou=dept3)" attrs="attr1,attr2"
>          by group.exact="cn=dept3Admins,ou=Groups,dc=example,dc=com"
> write
> 
> Or any alternative suggestions to achieve the same result?

According to slapd.access(5) these are valid acess rules, but you may
expand the attribute list to pseudo attribute types entry and children.

-Dieter

-- 
Dieter KlÃnter | Systemberatung
http://dkluenter.de
GPG Key ID:DA147B05
53Â37'09,95"N
10Â08'02,42"E

References:
- Re: ACL syntax with wildcards
  - From: Nick Milas <nick@eurobjects.com>

Prev by Date: Re: ACL syntax with wildcards
Next by Date: RE: ACL syntax with wildcards
Index(es):
- Chronological
- Thread