Hello, everybody. I have this structure:

dn: o=z
objectclass: organization
objectclass: top
o: z

dn: domainName=example.org,o=z
objectclass: mailDomain
objectclass: top
domainname: example.org

dn: uid=user,domainName=example.org,o=z
objectclass: account
objectclass: mailUser
objectclass: top
mail: [email protected]
uid: user

and want to grant access only to members of a subtree of every domainName:

dn: ou=Admins,domainName=example.org,o=z
objectclass: organizationalUnit
objectclass: top
ou: Admins

dn: uid=postmaster,ou=Admins,domainName=example.org,o=z
objectclass: account
objectclass: mailAdmin
objectclass: top
mail: [email protected]
uid: postmaster

I wrote this ACL:

{0}to attrs=userPassword by self write by anonymous auth by * none
{1}to dn.regex="^(.+,)?(domainName=[^,]+,o=z)$" by dn.onelevel,expand="ou=Admins,$2" write
{2}to * by self write

and everything is working fine, but I want to add something like this:

dn: uid=admin,domainName=example.org,o=z
objectclass: account
objectclass: mailAdmin
objectclass: top
mail: [email protected]
uid: admin

and rewrite the ACL

to dn.regex="^(.+,)?(domainName=[^,]+,o=z)$" by dn.onelevel,expand="ou=Admins,$2" write

to grant write access for all subentries of domainName which have objectClass=mailAdmin. Is it possible? How can I do it?
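The following is an added example, not part of the original post and not slapd's own code: a small Python model of how rule {1} is evaluated for the DNs shown above, showing which bind DNs it covers and that it is scoped per domain. The function names, the naive comma split of DNs and the case-insensitive comparison are simplifying assumptions of this model.

```python
import re

# <what> pattern copied from rule {1} in the post.
WHAT = re.compile(r"^(.+,)?(domainName=[^,]+,o=z)$", re.IGNORECASE)


def norm(dn):
    """Crude DN normalisation (assumption: no escaped commas in any RDN)."""
    return ",".join(part.strip().lower() for part in dn.split(","))


def is_onelevel(dn, base):
    """Model of dn.onelevel: dn must sit exactly one RDN below base."""
    dn, base = norm(dn), norm(base)
    if not dn.endswith("," + base):
        return False
    rdn = dn[: -len(base) - 1]
    return rdn != "" and "," not in rdn


def rule1_grants_write(target_dn, bind_dn):
    """Evaluate rule {1}: regex on the target, expanded onelevel on the binder."""
    m = WHAT.match(target_dn)
    if m is None:
        return False  # rule {1} does not apply to this target at all
    # expand="ou=Admins,$2": $2 is the second capture, the domain entry's DN.
    base = "ou=Admins," + m.group(2)
    return is_onelevel(bind_dn, base)


if __name__ == "__main__":
    target = "uid=user,domainName=example.org,o=z"
    binders = [
        "uid=postmaster,ou=Admins,domainName=example.org,o=z",
        "uid=admin,domainName=example.org,o=z",
    ]
    for b in binders:
        print(b, "->", rule1_grants_write(target, b))
```

In this model the postmaster entry under ou=Admins is matched, while uid=admin placed directly under the domain entry is not, because it is not one level below ou=Admins,$2.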
