Fischer, Johannes wrote:
Hi @all,
I've tried to implement an olcAccess via regex for multiple directory entries.
The goal was to group different users in two standard groups. Each group has different access rules. I didn't want to do such a thing for every entry, so I thought that I would be able to do that with regexes.
But my olcAccess rules don't work.
I've already posted the question to stackoverflow, but no answers till now. Here is the link:
http://stackoverflow.com/questions/31693040/ldap-olcaccess-regex-are-not-wor...
There are no OpenLDAP experts on stackoverflow.
And here is the rule for a regex access:
olcAccess: {1}to dn.regex="^o(.+),dc=organizations,dc=example,dc=ldap$" attrs=children by group.exact="cn=ADMINS,o=[$1],dc=organizations,dc=example,dc=ldap$" write by group.exact="cn=USER,o=[$1],dc=organizations,dc=example,dc=ldap$" read by * none
Can somebody help me? Or is such a thing not possible to do?
Your rule uses group.exact, which means it is NOT doing regex evaluation. Read the slapd.access(5) manpage again.
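
An emulation of the substitution the reply points to, added here as an example and not part of the original thread: slapd.access(5) documents an `expand` group style, under which `$1` in the group DN is replaced by the first capture of the `to dn.regex` match. It uses Python's `re` in place of slapd's regex engine; `expand_group`, the tightened pattern `TIGHT` and the sample DNs are constructed for illustration.

```python
import re

SUFFIX = "dc=organizations,dc=example,dc=ldap"

# "to dn.regex" pattern exactly as posted in the thread.
POSTED = r"^o(.+),dc=organizations,dc=example,dc=ldap$"
# Tightened variant (assumption: the intent was to capture only the
# organization name, i.e. one RDN value with no comma in it).
TIGHT = r"^o=([^,]+),dc=organizations,dc=example,dc=ldap$"

# <group> value as it would be written with group.expand: a plain "$1"
# (no brackets) and no trailing "$", since it is a DN, not a regex.
GROUP_TEMPLATE = "cn=ADMINS,o=$1," + SUFFIX


def expand_group(pattern, target_dn, template=GROUP_TEMPLATE):
    """Return the group DN after $N substitution, or None when the
    target DN does not match the pattern (the rule would not apply)."""
    match = re.search(pattern, target_dn)
    if match is None:
        return None
    return re.sub(r"\$(\d)", lambda d: match.group(int(d.group(1))), template)


# Constructed sample target DNs: an organization entry and an entry below it.
SAMPLES = [
    "o=acme," + SUFFIX,
    "ou=people,o=acme," + SUFFIX,
]

if __name__ == "__main__":
    for name, pattern in (("posted", POSTED), ("tight", TIGHT)):
        for dn in SAMPLES:
            print(f"{name:6} {dn}")
            print(f"       -> {expand_group(pattern, dn)}")
```

With the posted pattern the capture includes the `=` and also matches DNs that begin with `ou=`, so the expanded group DN is not the intended one even after switching the style to `expand`.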