Hi,
On Fri, 28 Jun 2013 16:50:37 +0200, Ole ole@free.de wrote:
The ACL I try to use (according to [1]) is:
access to dn.regex=".+,ou=([^,]+),ou=mail,dc=example,dc=tld$"
    by dn.onelevel,expand="ou=admins,ou=$1,ou=mail,dc=example,dc=tld" write
    by * break
but it doesn't take effect. After hours of thinking about the problem and searching the internet I still can't get the point.
I got it. The ACL should be:
access to dn.regex=".*ou=([^,]+),ou=mail,dc=example,dc=tld$"
    by dn.onelevel,expand="ou=admins,ou=$1,ou=mail,dc=example,dc=tld" write
    by * break
The problem was that ou=somedomain.tld,ou=mail,dc=example,dc=tld can't be your base dn if you use 'dn.regex=".+,ou=...', because it means that there has to be at least one more entry. If you use '.*' instead of '.+' and leave out the ',', there doesn't have to be an entry.
So with this ACL you have access to 'ou=somedomain.tld,ou=mail,dc=example,dc=tld' and to its subtree.
Regards, Ole
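
The difference between the two patterns in the message above, as an added example that is not part of the original post: the Python sketch below runs both regexes over constructed DNs and shows which domain is captured and what the by-clause expands to. The "strict" pattern, the "xou=" sample and the function names are assumptions added for comparison, and Python's re module stands in for slapd's regex matching.

```python
import re

SUFFIX = "ou=mail,dc=example,dc=tld"
# "plus" and "star" are the two patterns from the post. "strict" is an
# assumption (not from the post): it only matches at an RDN boundary.
PATTERNS = {
    "plus":   r".+,ou=([^,]+),ou=mail,dc=example,dc=tld$",
    "star":   r".*ou=([^,]+),ou=mail,dc=example,dc=tld$",
    "strict": r"^(.+,)?ou=([^,]+),ou=mail,dc=example,dc=tld$",
}
GROUP = {"plus": 1, "star": 1, "strict": 2}  # which $N holds the domain

def captured_domain(name, dn):
    """Return the domain captured as $N, or None if the ACL does not apply."""
    m = re.search(PATTERNS[name], dn)  # search: unanchored unless ^ is given
    return m.group(GROUP[name]) if m else None

def admins_container(name, dn):
    """Expand the by-clause DN: ou=admins,ou=$N,ou=mail,dc=example,dc=tld."""
    dom = captured_domain(name, dn)
    return None if dom is None else f"ou=admins,ou={dom},{SUFFIX}"

# Constructed sample DNs.
SAMPLES = [
    "ou=somedomain.tld,ou=mail,dc=example,dc=tld",          # domain entry itself
    "uid=bob,ou=somedomain.tld,ou=mail,dc=example,dc=tld",  # direct child
    "uid=bob,ou=users,ou=somedomain.tld,ou=mail,dc=example,dc=tld",
    "cn=x,xou=somedomain.tld,ou=mail,dc=example,dc=tld",    # type only ends in "ou"
    "ou=mail,dc=example,dc=tld",                            # above the domains
]

if __name__ == "__main__":
    for dn in SAMPLES:
        print(dn)
        for name in PATTERNS:
            print(f"  {name:6} -> {admins_container(name, dn)}")
```

With ".+," the domain entry itself is not covered; with ".*" it is, but so is the constructed "xou=" DN, which the "strict" variant rejects.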