
Re: New Listmember with a olcAccess question



Fischer, Johannes wrote:
Hi @all,

I've tried to implement an olcAccess via regex for multiple directory entries.

The goal was to group different users in two standard groups. Each group does
have other access rules. I didn't want to do such a thing for every entry, so
I thought that I'm able to do that with regexes.

But my olcAccess rules don't work.

I?ve already posted the question to stackoverflow, but no answers till now.
Here the link:

http://stackoverflow.com/questions/31693040/ldap-olcaccess-regex-are-not-working-as-expected

There are no OpenLDAP experts on stackoverflow.

And here the rule for a regex access:

olcAccess: {1}to dn.regex="^o(.+),dc=organizations,dc=example,dc=ldap$"
   attrs=children
   by group.exact="cn=ADMINS,o=[$1],dc=organizations,dc=example,dc=ldap$" write
   by group.exact="cn=USER,o=[$1],dc=organizations,dc=example,dc=ldap$" read
   by * none

Can somebody help me? Or is such a thing not possible to do?

Your rule uses group.exact, which means it is NOT doing regex evaluation. Read the slapd.access(5) manpage again.


--
  -- Howard Chu
  CTO, Symas Corp.           http://www.symas.com
  Director, Highland Sun     http://highlandsun.com/hyc/
  Chief Architect, OpenLDAP  http://www.openldap.org/project/
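
The point of the reply above, shown as an added example that is not part of the original thread: slapd.access(5) documents an `expand` style for `group`, which substitutes `$1` from the `dn.regex` submatch, whereas `exact` compares the string literally. The tightened capture `o=([^,]+)`, the removal of the trailing `$` from the group DNs, and the assumption that the groups use the default groupOfNames/member layout are mine, not the poster's.

```ldif
# As posted: group.exact does no substitution, so the literal string
# "cn=ADMINS,o=[$1],...,dc=ldap$" is looked up as a group DN and never matches.
#   by group.exact="cn=ADMINS,o=[$1],dc=organizations,dc=example,dc=ldap$" write

# Assumed intent: capture the organization name after "o=" and reuse it.
# ([^,]+) stops at the first comma, so $1 holds exactly one RDN value and
# cannot span several DN components.
# group.expand replaces $1 with the submatch before the group lookup.
# The group DN is a plain DN pattern, not a regex, so it carries no "$" anchor.
olcAccess: {1}to dn.regex="^o=([^,]+),dc=organizations,dc=example,dc=ldap$"
   attrs=children
   by group.expand="cn=ADMINS,o=$1,dc=organizations,dc=example,dc=ldap" write
   by group.expand="cn=USER,o=$1,dc=organizations,dc=example,dc=ldap" read
   by * none
```

The effective access for a given entry and bind DN can be checked with slapacl(8) before relying on the rule.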