
ACL - grant access to subtree by regex



Hi,

I'm really new to OpenLDAP and am trying to grant domain-admins access to
their domain-subtree in our historically grown LDAP structure.

The structure is like this:

  ou=somedomain.tld,ou=mail,dc=example,dc=tld
  ou=admins,ou=somedomain.tld,ou=mail,dc=example,dc=tld
  cn=admin@somedomain.tld,ou=admins,ou=somedomain.tld,ou=mail,dc=example,dc=tld

The ACL I am trying to use (according to [1]) is:

  access to dn.regex=".+,ou=([^,]+),ou=mail,dc=example,dc=tld$"
    by dn.onelevel,expand="ou=admins,ou=$1,ou=mail,dc=example,dc=tld" write
    by * break

but it doesn't take effect. After hours of thinking about the problem
and searching the internet I still can't get the point.

Thank you for reading,
Ole

[1] http://www.openldap.org/faq/data/cache/973.html
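
A small model of how slapd would evaluate the single clause quoted above, added here as an example and not part of the original message: it matches a target DN against the `dn.regex`, expands `$1` into the `dn.onelevel` pattern, and tests the requester DN against it. It assumes Python's `re` behaves like slapd's regex for this pattern and uses a simplified DN normalisation; the `uid=user1` entries and the function names are constructed for illustration.

```python
import re

# Target pattern and "by" pattern copied from the ACL in the message.
TARGET_REGEX = r".+,ou=([^,]+),ou=mail,dc=example,dc=tld$"
WHO_ONELEVEL = "ou=admins,ou=$1,ou=mail,dc=example,dc=tld"

# Requester DN from the message; target DNs below are constructed samples.
ADMIN = ("cn=admin@somedomain.tld,ou=admins,ou=somedomain.tld,"
         "ou=mail,dc=example,dc=tld")
TARGETS = [
    "uid=user1,ou=somedomain.tld,ou=mail,dc=example,dc=tld",
    "uid=user1,ou=otherdomain.tld,ou=mail,dc=example,dc=tld",
    "ou=somedomain.tld,ou=mail,dc=example,dc=tld",  # the subtree base itself
]


def split_rdns(dn):
    """Split a DN on unescaped commas and lowercase it (simplified)."""
    return [part.strip().lower() for part in re.split(r"(?<!\\),", dn)]


def expand(template, match):
    """Replace $1..$9 with the groups captured from the target DN."""
    return re.sub(r"\$(\d)", lambda m: match.group(int(m.group(1))), template)


def is_onelevel_child(dn, parent):
    """dn.onelevel: dn must sit exactly one RDN below parent."""
    child, base = split_rdns(dn), split_rdns(parent)
    return len(child) == len(base) + 1 and child[1:] == base


def clause_grants_write(target_dn, requester_dn):
    """True if this one clause gives requester_dn write on target_dn."""
    match = re.search(TARGET_REGEX, target_dn, re.IGNORECASE)
    if match is None:
        return False  # the clause does not apply to this target at all
    return is_onelevel_child(requester_dn, expand(WHO_ONELEVEL, match))


if __name__ == "__main__":
    for target in TARGETS:
        print(clause_grants_write(target, ADMIN), target)
```

The model covers only this one clause; slapd applies the first `access to` clause whose target matches an entry, so clauses placed earlier in the configuration also decide the outcome.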
