Buchan Milne escreveu:
On Tuesday, 15 May 2007, Jeronimo Zucco wrote:
Now it is working, with the following ACL:
access to
dn.regex="^cn=(.*),ou=([^,]+),ou=PersonalAddressBook,suffix$"
by dn.regex="uid=$2,.*,ou=People,dc=suffix$" write
If this one works, it conflicts the the example user DNs you supplied (where
you had a cn value in the user's addressbook container matching the uid
naming attribute in their DN).
And, even if it does work, it is, as I noted on IRC, horribly insecure. Your
users can not expect *any* privacy with this regex.
Yes, I'm working for migrate aplications to use PersonalAddressBook
under the user entry. Until there, I will use this acls.
If you can't sanitise the DNs in your examples without confusing the issue,
maybe you should post the real DNs, so that people help you with the problem
you have, not the one you think you have ...
I'm sorry if I wasn't able to explain correct my structure, it was my
fault. It wasn't my intention. Thank you for help to all.
--
Jeronimo Zucco
LPIC-1 Linux Professional Institute Certified
NĂșcleo de Processamento de Dados
Universidade de Caxias do Sul
http://jczucco.blogspot.com
