Hi,

We would like to use ACL statements of the form (used for illustration purposes):

access to dn.subtree="ou=people,dc=example,dc=com" filter="(ou=xxxxx)" attrs="someAttrs" by group.exact="cn=xxxxxAdmins,ou=Groups,dc=example,dc=com" write by group.exact="cn=allAdmins,ou=Groups,dc=example,dc=com" read by self read

where xxxxx is some string.

In essence, we assign people entries to various administrative groups, depending on the value of the ou attribute of the entry.

Of course we can write many statements, one per ou value / admin group, but it would be much more concise to use just one statement using wildcards.

Could someone please suggest if and how the above can be written correctly, using e.g. regex?

I appreciate any suggestions.

Thanks, Nick