
Re: ACL on new value for two attributes



Frankly I don't understand in detail what you want to achieve.

But first of all:
Did you set "add_content_acl on" in your slapd.conf (or similar in back-config)?

Ciao, Michael.

Emmanuel Dreyfus wrote:
> Replying to myself:
> 
> Reading latest code from git, I can tell that there is no way to craft
> an ACL using val for multiple attributes. Such a concept is difficult to
> specify anyway: if I imagine something like this:
> access to attrs=foo val.regex="^(.*)$" attrs=bar val.regex="^(.*)$"
> 
> We can imagine we find foo's new value in ${v1} and bar's new value in
> ${v2}, but ${v0} remains difficult to define. And then there is the
> problem of how to handle multivalued attributes.
> 
> I came to the conclusion that this is not The Right Way of doing it,
> hence I had another idea: I could use an overlay that creates dynamic
> attributes based on other attributes' values. Some kind of buz =
> printf("%s-%s", foo, bar) functionality and use val.regex against this
> buz dynamic attribute.
> 
> Questions
> 1) Does it already exist? Perhaps slapo-rwm is able to do something like
> this? 
> 2) If not then I could implement it, but how feasible is it? Are
> overlays able to tweak an add or modify request, to add an attribute
> before it hits the ACL layer? 
> 
> 
> Emmanuel Dreyfus <manu@netbsd.org> wrote:
> 
>> In ACL, the attrs=foo val.regex="^(.*)$" construct allows filtering on
>> the new value for an attribute.
>>
>> Using sets in the who clauses this new value can be matched as ${v0} 
>> against current attribute values. But what about if we want to match
>> against another new attribute value? I currently run 2.4.33, and there
>> is no way to have multiple attrs=foo val.regex="^(.*)$" statements in the
>> what clause.  Has this changed in later releases? Or is there another way
>> of doing it?
