On Tue, 27 Mar 2012 15:23:30 +0300, Nick Milas <[email protected]> wrote:
> On 26/2/2012 1:22 PM, Nick Milas wrote:
>
> > It seems to me that it would require to use regex *in a filter* and
> > then group.expand based on the results. But is this possible? Any
> > alternatives?
>
> Hmm, no one?
>
> Let me re-phrase: Can we express the following three statements using
> ONE ACL statement? I haven't been able to find a solution.
>
> access to dn.subtree="ou=people,dc=example,dc=com"
>     filter="(ou=dept1)" attrs="attr1,attr2"
>     by group.exact="cn=dept1Admins,ou=Groups,dc=example,dc=com" write
>
> access to dn.subtree="ou=people,dc=example,dc=com"
>     filter="(ou=dept2)" attrs="attr1,attr2"
>     by group.exact="cn=dept2Admins,ou=Groups,dc=example,dc=com" write
>
> access to dn.subtree="ou=people,dc=example,dc=com"
>     filter="(ou=dept3)" attrs="attr1,attr2"
>     by group.exact="cn=dept3Admins,ou=Groups,dc=example,dc=com" write
>
> Or any alternative suggestions to achieve the same result?

According to slapd.access(5) these are valid access rules, but you may
expand the attribute list to the pseudo attribute types entry and children.

-Dieter

-- 
Dieter Klünter | Systemberatung
http://dkluenter.de
GPG Key ID:DA147B05
53°37'09,95"N 10°08'02,42"E
