On 04/19/2010 04:04 PM, masarati@aero.polimi.it wrote:

...

Hi Andrew I finally figured it out and here is what I did:

ACL

access to attrs=uofsGroupRole val.regex="^([^:]+):.+$" by dn.exact,expand="${v1}" read by * none

Only attribute that contains users' dn within its value is available to said user. It works exactly the way I want it. Only difference from documentation is "${v1}" which explained here: http://www.openldap.org/lists/openldap-bugs/200811/msg00078.html if you are interested...

I've documented this feature in slapd.access(5), as part of ITS#5804.

Thanks, p.

My pleasure.