Emmanuel Dreyfus wrote:
Hello
The goal is to give access to a ressource based on two mandatory
conditions.
I want user DN to match a rule, and attribute value to match another
rule, which depends on the user
This yields me two rules. The first one allow a user that has a given ou
in ouManager set to modify the authorizedService in this ou. I did not
test the second one yet, but the idea is that the user has a
serviceManager attribute telling which value of authorizedService he is
allowed to set.
access to dn.regex="^uid=.+,ou=.+,o=home$" attrs=authorizedService
by set.exact="user/ouManager& this/-1" write stop
access to attrs.regex=authorizedService val.regex="(.*)"
by set="user/serviceManager& ${v1}" write stop
But I need to perform a AND between the two rules. How can that be done?
Concatenate the terms in the sets.
access to dn.regex="^uid=.+,ou=.+,o=home$"
attrs=authorizedService val.regex=(.*)
by set.expand="(user/ouManager + user/serviceManager) &
(this/-1 + ${v1})" write
--
-- Howard Chu
CTO, Symas Corp. http://www.symas.com
Director, Highland Sun http://highlandsun.com/hyc/
Chief Architect, OpenLDAP http://www.openldap.org/project/
