Frederik Bosch <[email protected]> writes: > Thanks again Dieter. That looks way to difficult for me :). I changed > some things. Now suppose that I want to assign read access to every > roleOccupant in a organizationalRole. > > access to * by group/organizationalRole/roleOccupant read > > But that's not correct syntax. Slapd won't start. It has to be like this: > > access to * by group/organizationalRole/roleOccupant="<DN>" read > > What syntax do I need to let "<DN>" match the whole tree?
by group/organizationalRole/roleOccupant.expand="^cn=([^,]+),ou=subtree,o=myOrganization$" or similar, see man slapd.access(5) for more information. -Dieter -- Dieter Klünter | Systemberatung sip: [email protected] http://www.dpunkt.de/buecher/2104.html GPG Key ID:8EF7B6C6
