On 10/29/05, Samuel Tran <[EMAIL PROTECTED]> wrote:
> Feifei Jia wrote:
>
> >On 10/28/05, Samuel Tran <[EMAIL PROTECTED]> wrote:
> >
> >>On Fri, 2005-10-28 at 13:31 +0800, Feifei Jia wrote:
> >>
> >>>On 10/28/05, Samuel Tran <[EMAIL PROTECTED]> wrote:
> >>>
> >>>>On Thu, 2005-10-27 at 10:12 +0800, Feifei Jia wrote:
> >>>>
> >>>>>On 10/26/05, Samuel Tran <[EMAIL PROTECTED]> wrote:
> >>>>>
> >>>>>>On Wed, 2005-10-26 at 20:53 +0800, Feifei Jia wrote:
> >>>>>>
> >>>>>>>Hi there,
> >>>>>>>
> >>>>>>>What I want to do is:
> >>>>>>>
> >>>>>>>Let the RDN under ou=Admin,dc=com have write permission to the RDN
> >>>>>>>like uid=foo,ou=People,dc=com
> >>>>>>>
> >>>>>>Do you want any entries in ou=Admin,dc=com to be able to write to any
> >>>>>>entries in ou=People,dc=com?
> >>>>>>
> >>>>>>Sam
> >>>>>>
> >>>>>Yes, that's exactly what I want to do. Could you tell me how to achieve
> >>>>>this?
> >>>>>
> >>>>Try this:
> >>>>
> >>>>access to dn.subtree="ou=People,dc=com"
> >>>>    by dn.one="ou=Admin,dc=com" write
> >>>>
> >>>>Sam
> >>>>
> >>>If I want to use regex to let DN like
> >>>"uid=test,ou=Admin,dc=demo1,dc=com" can write to entries in
> >>>"ou=People,dc=demo1,dc=com", and change "demo1" to "([^,]+)" , what
> >>>should I do? It seems I cannot combine subtree with regex.
> >>>
> >>According to man slapd.access, this should work for you:
> >>
> >>access to dn.regex="^(.+,)?ou=People,dc=([^,]+),dc=com$"
> >>    by dn.one,expand="ou=Admin,dc=$1,dc=com"
> >>
> >>Let me know if it is fine.
> >>
> >>Sam
> >>
> >
> >It seems not to work, only get "Insufficient access (50)" error :(
> >Maybe "dn,one" is not a good choice?
> >
> Sorry I forgot the access field. It should be:
>
> access to dn.regex="^(.+,)?ou=People,dc=([^,]+),dc=com$"
>     by dn.one,expand="ou=Admin,dc=$1,dc=com" write
>
> --
> Sam
>

Actually, I did add "write" in the "by" clause that day. And I ran "slapd -d 128", it showed something like "access denied" :(

--
Thanks~
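
Added example, not part of the thread and not OpenLDAP code: a Python emulation of how `$N` submatch expansion numbers the capture groups of the `dn.regex` quoted above, and what DN the `by dn.one,expand=` clause ends up comparing against. It assumes expansion behaves as slapd.access(5) describes (`$0` is the whole match, `$1`..`$9` the submatches), uses constructed DNs and a naive comma split for `dn.one`, and all helper names are hypothetical.

```python
import re

# "to" pattern copied from the thread. Group 1 is "(.+,)?", group 2 is "([^,]+)".
TARGET_RE = r"^(.+,)?ou=People,dc=([^,]+),dc=com$"

def expand(template, match):
    """Replace $0..$9 with submatches; an unmatched optional group becomes ''."""
    def sub(m):
        idx = int(m.group(1))
        if idx > match.re.groups:
            return ""
        return match.group(idx) or ""
    return re.sub(r"\$(\d)", sub, template)

def is_one_level_child(dn, base):
    """dn.one semantics: dn's parent equals base (naive, no escaped commas)."""
    _, _, parent = dn.partition(",")
    return parent.lower() == base.lower()

def who_allowed(target_dn, bind_dn, who_template):
    """Return (expanded who-DN, True if bind_dn matches it as dn.one)."""
    m = re.match(TARGET_RE, target_dn, re.IGNORECASE)
    if m is None:
        return None, False  # ACL does not apply to this target at all
    base = expand(who_template, m)
    return base, is_one_level_child(bind_dn, base)

if __name__ == "__main__":
    # Constructed sample DNs, modelled on the ones named in the thread.
    target = "uid=foo,ou=People,dc=demo1,dc=com"
    admin = "uid=test,ou=Admin,dc=demo1,dc=com"
    other = "uid=test,ou=Admin,dc=demo2,dc=com"
    for tmpl in ("ou=Admin,dc=$1,dc=com", "ou=Admin,dc=$2,dc=com"):
        print(tmpl, "->", who_allowed(target, admin, tmpl))
    # An admin of a different dc= component must not match.
    print("other:", who_allowed(target, other, "ou=Admin,dc=$2,dc=com"))
```

When reading `slapd -d 128` output for a rule like this, compare the expanded DN in the log with the bind DN's parent to see which submatch was substituted.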
