In the interest of simplifying my life I was going to convert one of my crazy ACLs to a regex (and a rather trivial one at that), but I am finding a bit of an issue... seems I have misread the doc and am not sure where...
I was aiming for something along the lines of: anything that has an attribute name of IWU with something else attached afterward would be captured (in practice my perl says I want /^IWU.*/ but for now the simple and later the hard as first character on the line matching can be added later once syntax errors go away)
Thus I wrote:
access to dn.sub="dc=testldap,dc=iwu,dc=edu" attrs.regex="IWU.*" by self read by * none
However, I get a happy syntax error on this line. That is fair as on a closer reading of the syntax I have come to the conclusion that attrs.regex is nonsense and that the regex entry near the attrs list relates to values.
Am I right? Is there no way to do attrs regex matching?
OpenLDAP 2.4.11
Pat
On Tue, 5 Aug 2008, Pat Riehecky wrote:
access to dn.sub="dc=testldap,dc=iwu,dc=edu" attrs.regex="IWU.*"
Am I right? Is there no way to do attrs regex matching?
So says slapd.access(5):
attrs=<attrlist>[ val[/matchingRule][.<attrstyle>]=<attrval>]
Notice that <attrstyle> modifies val, not attrs.
openldap-software@openldap.org
-
Aaron Richton -
Pat Riehecky