Hello,
I would like to set ACLs to a bunch of attributes via ACL. Is it possible to use regular expressions in the <what>x field for attrs, someting like
access to attrs.regex=[a.*] by ..... read by * break
I couldn't figure it out :-( If it is possible could someone please write a short example
Thank you
Stefan
Am Tue, 8 Sep 2020 11:59:01 +0200 schrieb Stefan Kania stefan@kania-online.de:
Hello,
I would like to set ACLs to a bunch of attributes via ACL. Is it possible to use regular expressions in the <what>x field for attrs, someting like
access to attrs.regex=[a.*] by ..... read by * break
I couldn't figure it out :-( If it is possible could someone please write a short example
[...]
You may consider sets, access to dn:xxx by set.regex=xxx https://www.openldap.org/faq/data/cache/1133.html
-Dieter
--On Tuesday, September 8, 2020 12:59 PM +0200 Stefan Kania stefan@kania-online.de wrote:
Hello,
I would like to set ACLs to a bunch of attributes via ACL. Is it possible to use regular expressions in the <what>x field for attrs, someting like
access to attrs.regex=[a.*] by ..... read by * break
Hi Stefan,
Many years ago I wrote a page on various example ACLs when I worked for Stanford University. It still exists, and has an example in it: https://uit.stanford.edu/service/directory/aclexamples
Specifically:
access to dn.children="cn=people,dc=stanford,dc=edu" attrs=suPrivilegeGroup val.regex="^stanford:.+" by group.base="cn=WebAuthPrivileged,cn=applications,dc=stanford,dc=edu" sasl_ssf=56 read by group.base="cn=WebAuthGeneral,cn=applications,dc=stanford,dc=edu" sasl_ssf=56 read by * break
So your format is wrong, it's not "attrs.regex", it's attrs=ATTR val.regex=REGEX
Regards, Quanah
--
Quanah Gibson-Mount Product Architect Symas Corporation Packaged, certified, and supported LDAP solutions powered by OpenLDAP: http://www.symas.com
openldap-technical@openldap.org
-
Dieter Klünter -
Quanah Gibson-Mount -
Stefan Kania