On Tue, 27 Mar 2012 15:23:30 +0300, Nick Milas nick@eurobjects.com wrote:
On 26/2/2012 1:22 PM, Nick Milas wrote:
It seems to me that it would require using regex *in a filter* and then group.expand based on the results. But is this possible? Any alternatives?
Hmm, no one?
Let me re-phrase: Can we express the following three statements using ONE ACL statement? I haven't been able to find a solution.
access to dn.subtree="ou=people,dc=example,dc=com" filter="(ou=dept1)" attrs="attr1,attr2" by group.exact="cn=dept1Admins,ou=Groups,dc=example,dc=com" write
access to dn.subtree="ou=people,dc=example,dc=com" filter="(ou=dept2)" attrs="attr1,attr2" by group.exact="cn=dept2Admins,ou=Groups,dc=example,dc=com" write
access to dn.subtree="ou=people,dc=example,dc=com" filter="(ou=dept3)" attrs="attr1,attr2" by group.exact="cn=dept3Admins,ou=Groups,dc=example,dc=com" write
Or any alternative suggestions to achieve the same result?
According to slapd.access(5) these are valid access rules, but you may expand the attribute list to pseudo attribute types entry and children.
-Dieter