> On Sun, 2010-02-21 at 13:26 +0100, masar...@aero.polimi.it wrote: >> > I am searching for a rule like this: >> > >> > access >> > to "cn=[^,]+,ou=data1,ou=data" attrs="attr1,attr2,attr3" >> > by dnattr="owner of node ou=data1,ou=data" write >> >> Try >> >> access to dn.children="ou=data1,ou=data" >> by set="[ou=data1,ou=data]/owner & user" write > > Thanks for this hint. The man page for slapd.access currently says > "The statement set=<pattern> is undocumented yet". Is there anywhere > else a detailed documentation for this?
Yes, it's very well hidden here <http://www.openldap.org/faq/data/cache/1133.html> :) Updating slapd.access(5) has been on the todo list for long time... > Especially, can I use regular expressions? Yes, you should be able to figure out the syntax yourself from that link. > Because my real need would > be something like this: > > access > to dn.children="(ou=[^,]+,ou=data)" > by set="[$1]/owner & user" write > > so that I do not have to define a rule for each dataX-subtree... p.
