On 27/3/2012 4:29 PM, Joe Friedeggs wrote:
> Assuming these org units are under ou=people, have you tried something like this?
Negative. ou here is an attribute of the entry, not a separate org unit.
That's why I haven't found a solution either with regexp/expand or with set/expand.
A solution seems possible to me only if ACL regex match/expand were possible in the filter, rather than in the <what> part, yet I don't think it's possible.
What I see as a solution is to explicitly add an owner attribute to each entry (with the appropriate owner DN) and create an ACL to test this attribute value.
Or this: http://www.openldap.org/lists/openldap-technical/201202/msg00344.html
But I still would like to have experienced people's feedback on this, before deciding.
Nick.