Fischer, Johannes wrote:
Hi @all, I've tried to implement an olcAccess via regex for multiple directory entries. The goal was to group different users in two standard groups. Each group has other access rules. I didn't want to do such a thing for every entry, so I thought that I would be able to do that with regexes. But my olcAccess rules don't work. I've already posted the question to stackoverflow, but no answers till now. Here is the link: http://stackoverflow.com/questions/31693040/ldap-olcaccess-regex-are-not-working-as-expected
There are no OpenLDAP experts on stackoverflow.
And here is the rule for a regex access:

olcAccess: {1}to dn.regex="^o(.+),dc=organizations,dc=example,dc=ldap$" attrs=children
  by group.exact="cn=ADMINS,o=[$1],dc=organizations,dc=example,dc=ldap$" write
  by group.exact="cn=USER,o=[$1],dc=organizations,dc=example,dc=ldap$" read
  by * none

Can somebody help me? Or is such a thing not possible to do?
Your rule uses group.exact, which means it is NOT doing regex evaluation. Read the slapd.access(5) manpage again.
--
  -- Howard Chu
  CTO, Symas Corp.           http://www.symas.com
  Director, Highland Sun     http://highlandsun.com/hyc/
  Chief Architect, OpenLDAP  http://www.openldap.org/project/
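
An added example, not part of either message above: one way to rewrite the posted rule so the organization captured by dn.regex is substituted into the group DN, using the expand style that slapd.access(5) documents for group. The tightened capture o=([^,]+) and the groupOfNames/member group layout are assumptions.

```ldif
# Added example, not from the thread.
# Assumption: cn=ADMINS and cn=USER under each organization are groupOfNames
# entries listing users in "member" (the defaults for a group <who> clause).
#
# Differences from the posted rule:
#  - dn.regex captures only the value of the o= RDN, so $1 is the
#    organization name rather than "=name"
#  - group.expand substitutes $1 from the <what> clause into the group DN;
#    group.exact compares the string as written, "$1" included
#  - no brackets around $1 and no trailing "$" in the group DN: after
#    substitution it is a plain DN, not a regular expression
olcAccess: {1}to dn.regex="^o=([^,]+),dc=organizations,dc=example,dc=ldap$" attrs=children
  by group.expand="cn=ADMINS,o=$1,dc=organizations,dc=example,dc=ldap" write
  by group.expand="cn=USER,o=$1,dc=organizations,dc=example,dc=ldap" read
  by * none
```

slapacl(8) can evaluate the loaded ACLs for a given bind DN and target entry, which confirms that members of one organization's groups get no access under another organization.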