On 10/14/2014 09:35 AM, Pierangelo Masarati wrote:
On 10/14/2014 09:03 AM, Nikos Voutsinas wrote:
Hi all,
Although I suspect what the answer would be, I thought It might be a good idea to confirm with the list.
Is the following <attrlist> clause in OpenLdap's ACLs syntax valid;
<attr1> [val[.<basic-style>]=<regex>],<attr2>
e.g. to dn.subtree="ou=People,dc=foo,dc=com" attrs=entry,objectClass val.regex="objvalue1|objvalue2",attr1,attr2 by <who> <what>
No. When "val=..." is used, only one attr must appear in the list.
Sorry, I involuntarily hit "send" too soon. You can find this bit of info in slapd.access(5):
Using the form attrs=<attr> val[/matchingRule][.<attrstyle>]=<attrval> specifies access to a particular value of a single attribute. In this case, only a single attribute type may be given.
p.
p.