Am Wed, 6 May 2009 12:39:10 -0700 schrieb Sean Burford <[email protected]>:
> On Tue, May 5, 2009 at 3:13 PM, Wolfgang Lorenz <[email protected]> > wrote: > > > Thank you, > > > > I've found a way to achieve exactly what I wanted: > > > > # self may write subentries no one else may read... > > access to dn.regex="^(.+,)+uid=([^,]+),ou=people,dc=example,dc=com$" > > by dn.regex="^uid=$2,ou=people,dc=example,dc=com$$" write > > > Where possible I would use the self.level{-1} syntax in preference of > regexes since it is more descriptive. It also doesn't depend on the > stability and performance of the OS regex libraries (which use a lot > of malloc/frees). > But the regex-way gives me the possibility to give write access to the whole subtree of the binddn, whereas I wouldn't know how to do this using self.level... Anyway, I don't expect many ldap-requests, what makes me think, that I can spare some mallocs and frees. ;-) But I can see, that this might be a problem on a bigger system with much more users, than mine. Cheers, Wolfgang
