Besides the obvious workaround, i.e. split the rule into two ACLs, one with the val.regex and another without, I am not sure that I understand how the other special controls (break, continue) can help with this case. Am I missing sth?


On Tue, Oct 14, 2014 at 6:19 PM, Aaron Richton <richton@nbcs.rutgers.edu> wrote:
On Tue, 14 Oct 2014, Pierangelo Masarati wrote:

  attrs=entry,objectClass val.regex="objvalue1|objvalue2",attr1,attr2

Sorry, I involuntarily hit "send" too soon.  You can find this bit of info in slapd.access(5):

Using the form attrs=<attr> val[/matchingRule][.<attrstyle>]=<attrval> specifies access to a particular value of a single attribute.  In this case, only a single attribute type may be given.

I do feel it's worth pointing out that, while you're reading that man page, the <control> field may prove particularly useful to apply multiple clauses to your (presumably single) <what> scope.