Tyler Gates wrote:
Hello, I'm having a hard time setting some ACLs for my particular setup. I have a structure as follows:

dn: uid=*,ou=people,dc=example,dc=com
# uid contains several unix/linux user ids

dn: cn=*,ou=groups,dc=example,dc=com
# cn contains several unix/linux groups. uids (not the complete dn) are supplied to the memberUid fields

What I would like to do is place an organizationalRole in each group and have ACLs set up so that its uniqueMembers have access to certain attrs (say, for example, sn) for the uids (which correspond to those in ou=people) specified in the memberUid fields of the group in which the organizationalRole is placed.

Pseudo code would be something as follows:

access to group/posixAccount/memberUid.regex("cn=(.*),ou=groups,dc=example,dc=com") attrs sn
    by group/organizationalRole/uniqueMembers/.regex("cn=admin,cn=$1,ou=groups,dc=example,dc=com") write

Thanks,
Tyler

Hi,
you can use sets for this:

access to dn.regex="^(cn=[^,]+,ou=groups,dc=example,dc=com)$"
    attrs="sn"
    by set.expand="[cn=admin,$1]/memberUid & user/uid" write

Regards,
Christian
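
Added example, not part of the original thread: a small Python model of how the set rule in the reply is evaluated. The regex capture $1 is expanded into the set string, both operands are dereferenced, and the clause matches when their intersection is non-empty. The directory entries, the helper names, and the plain-string comparison of DNs and values are assumptions of this model.

```python
import re

# Constructed sample directory (DN -> attributes); not data from the thread.
# DNs are assumed already normalized to lowercase with no extra spaces.
DIRECTORY = {
    "cn=devs,ou=groups,dc=example,dc=com": {"memberUid": ["alice", "bob"]},
    "cn=admin,cn=devs,ou=groups,dc=example,dc=com": {"memberUid": ["carol"]},
    "cn=admin,cn=ops,ou=groups,dc=example,dc=com": {"memberUid": ["dave"]},
    "uid=alice,ou=people,dc=example,dc=com": {"uid": ["alice"]},
    "uid=carol,ou=people,dc=example,dc=com": {"uid": ["carol"]},
    "uid=dave,ou=people,dc=example,dc=com": {"uid": ["dave"]},
}

# <what> regex and set string copied from the rule in the reply.
TARGET_RE = re.compile(r"^(cn=[^,]+,ou=groups,dc=example,dc=com)$")
SET_SPEC = "[cn=admin,$1]/memberUid & user/uid"


def operand_values(term, user_dn):
    """Evaluate one operand of the form '[literal]/attr' or 'user/attr'."""
    base, _, attr = term.strip().partition("/")
    if base.startswith("[") and base.endswith("]"):
        start = {base[1:-1]}          # [..] is a literal; here it holds a DN
    elif base == "user":
        start = {user_dn}             # DN of the bound identity
    else:
        raise ValueError(f"operand not covered by this model: {term!r}")
    values = set()
    for dn in start:                  # '/attr' dereferences each DN in the set
        values.update(DIRECTORY.get(dn, {}).get(attr, []))
    return values


def rule_grants_write(target_dn, user_dn):
    """True if this one rule grants write on sn of target_dn to user_dn."""
    match = TARGET_RE.match(target_dn)
    if match is None:
        return False                  # rule does not apply to this entry
    expanded = SET_SPEC.replace("$1", match.group(1))   # what set.expand does
    left, right = expanded.split("&")
    # '&' is set intersection; a non-empty result set means the clause matches.
    return bool(operand_values(left, user_dn) & operand_values(right, user_dn))
```

In the constructed data, carol is listed in memberUid of cn=admin,cn=devs and so matches for cn=devs, while alice, a plain member of cn=devs, does not.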