Jeronimo Zucco wrote:
Jeronimo Zucco wrote:
Hi list.
I'm using OpenLDAP 2.3.35 for my mail user database, and I have this structure:
uid=user1,ou=People,dc=domain,dc=br
ou=ImpPrefs,uid=user1,ou=People,dc=domain,dc=br
cn=user1,ou=PersonalAddressBook,dc=domain,dc=br
I am trying to write ACLs that permit only "self" users to write in their own ImpPrefs and PersonalAddressBook, without success.
I did not find many examples of ACLs with regex. I tried:
access to dn="^.*,uid=([^,]+),(.*),ou=People,dc=domain,dc=br"
    by dn="uid=$1,$2,ou=People,dc=domain,dc=br" write
    by * none
but this gives me an error.
Can somebody help me?
Answer to myself:
access to dn.regex="^.*,uid=([^,]+),(.*),ou=People,dc=domain,dc=br$"
    by dn.exact,expand="uid=$1,$2,ou=People,dc=domain,dc=br" write
    by * none
What about
access to dn.regex="^.*,(uid=[^,]+,.+,ou=People,dc=domain,dc=br)$"
    by dn.exact,expand="$1" write

?

p.
Ing. Pierangelo Masarati
OpenLDAP Core Team

SysNet s.r.l.
via Dossi, 8 - 27100 Pavia - ITALIA
http://www.sys-net.it
Office: +39 02 23998309
Mobile: +39 333 4963172
Email: pierangelo.masarati@sys-net.it
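The two rules in this thread can be checked offline against sample DNs before they go into slapd.conf. This is an added example, not code from either poster or from OpenLDAP: it approximates slapd's dn.regex matching and $n expansion with Python's re module, and the function names, rule labels and the ou=Staff level in the constructed DNs are assumptions.

```python
import re

# slapd evaluates dn.regex with POSIX extended regexes on normalized DNs.
# Python's re is an approximation; these two patterns behave the same in both.
ACLS = {
    "self-answer": (r"^.*,uid=([^,]+),(.*),ou=People,dc=domain,dc=br$",
                    "uid=$1,$2,ou=People,dc=domain,dc=br"),
    "reply": (r"^.*,(uid=[^,]+,.+,ou=People,dc=domain,dc=br)$", "$1"),
}

def expand(template, match):
    """Substitute $1..$9 with the groups captured from the target DN."""
    return re.sub(r"\$(\d)", lambda m: match.group(int(m.group(1))), template)

def access(acl, target_dn, bind_dn):
    """Return 'write', 'none', or None when the rule does not select the entry."""
    pattern, who = ACLS[acl]
    m = re.search(pattern, target_dn)
    if m is None:
        return None  # slapd would go on to the next access directive
    # dn.exact,expand: the bind DN must equal the expanded template.
    # Anyone else hits "by * none" (implicit when a rule omits it).
    return "write" if bind_dn == expand(who, m) else "none"

# Constructed sample DNs. ou=Staff is a hypothetical intermediate level;
# FLAT is the layout exactly as written in the first message.
OWNER = "uid=user1,ou=Staff,ou=People,dc=domain,dc=br"
OTHER = "uid=user2,ou=Staff,ou=People,dc=domain,dc=br"
NESTED = "ou=ImpPrefs," + OWNER
FLAT = "ou=ImpPrefs,uid=user1,ou=People,dc=domain,dc=br"

if __name__ == "__main__":
    for acl in ACLS:
        for target in (NESTED, OWNER, FLAT):
            for who in (OWNER, OTHER):
                print(f"{acl:12} {target:58} {who[:9]:10} {access(acl, target, who)}")
```

Both patterns require at least one RDN between the uid component and ou=People, and at least one RDN below the uid entry, so a `None` result means the rule never applies to that entry and a later directive or the default decides.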