Emmanuel Dreyfus wrote:
Hello
The goal is to give access to a ressource based on two mandatory conditions.
I want user DN to match a rule, and attribute value to match another rule, which depends on the user
This yields me two rules. The first one allow a user that has a given ou in ouManager set to modify the authorizedService in this ou. I did not test the second one yet, but the idea is that the user has a serviceManager attribute telling which value of authorizedService he is allowed to set.
access to dn.regex="^uid=.+,ou=.+,o=home$" attrs=authorizedService by set.exact="user/ouManager& this/-1" write stop
access to attrs.regex=authorizedService val.regex="(.*)" by set="user/serviceManager& ${v1}" write stop
But I need to perform a AND between the two rules. How can that be done?
Concatenate the terms in the sets.
access to dn.regex="^uid=.+,ou=.+,o=home$" attrs=authorizedService val.regex=(.*) by set.expand="(user/ouManager + user/serviceManager) & (this/-1 + ${v1})" write