Tobias Franzén wrote:

> I started fiddling around with regexp ACLs after I wrote my mail (I
> thought of it just as I was finishing the mail), and so far I have been
> able to limit access to the userPassword (and as such, simple binds) to
> users in ou=People who have a userPassword like regexp "[EMAIL PROTECTED]".
> However, I have yet to find a way to expand a regexp from the dn
> containing the uid, into the attrs regexp. My ACL looks something like
> this:
> 
> access to dn.regex="^uid=([^,]+),ou=People,dc=example,dc=com$"
>    attrs=userPassword val.regex="[EMAIL PROTECTED]"
>        by self read
>        by anonymous auth
>        by * none
> 
> I have tried to use val.exact="[EMAIL PROTECTED]" but it doesn't
> appear to expand the $1 from the first dn.regex as I would like. Any ideas?

Your wish does not find any correspondence in the documentation.  In
fact, there's no possibility to have such expansion, nor does it make much
sense, as there's no consequentiality implied in setting

        access to dn=pattern attr=desc val=value

since

        access to val=value attr=desc dn=pattern

would be exactly the same rule.

p.



Ing. Pierangelo Masarati
OpenLDAP Core Team

SysNet s.r.l.
via Dossi, 8 - 27100 Pavia - ITALIA
http://www.sys-net.it
---------------------------------------
Office:  +39 02 23998309
Mobile:  +39 333 4963172
Email:   [EMAIL PROTECTED]
---------------------------------------

