From 44e8ffd4fee407b54988b6da6c95554c75500147 Mon Sep 17 00:00:00 2001 From: Pierangelo Masarati Date: Mon, 28 Jun 2004 10:22:48 +0000 Subject: [PATCH] clarify the use of regex and expand in by dn clauses --- doc/man/man5/slapd.access.5 | 28 ++++++++++++++++++++++++++-- 1 file changed, 26 insertions(+), 2 deletions(-) diff --git a/doc/man/man5/slapd.access.5 b/doc/man/man5/slapd.access.5 index 32cb9b72f6..763e449edf 100644 --- a/doc/man/man5/slapd.access.5 +++ b/doc/man/man5/slapd.access.5 @@ -261,8 +261,8 @@ the dollar character that is used to indicate match up to the end of the string must be escaped by a second dollar character, e.g. .LP .nf - access to dn.regex="^(.*,)?uid=([^,]+),dc=example,dc=com$" - by dn.regex="^uid=$1,dc=example,dc=com$$" write + access to dn.regex="^(.+,)?uid=([^,]+),dc=[^,]+,dc=com$" + by dn.regex="^uid=$2,dc=[^,]+,dc=com$$" write .fi .LP The style qualifier @@ -275,6 +275,30 @@ even if .B dnstyle is not .BR regex . +Note that the +.I regex +dnstyle in the above example may be of use only if the +.B by +clause needs to be a regex; otherwise, if the +value of the second (from the right) +.I dc= +portion of the DN in the above example were fixed, the form +.LP +.nf + access to dn.regex="^(.+,)?uid=([^,]+),dc=example,dc=com$" + by dn.exact,expand="uid=$2,dc=example,dc=com" write +.fi +.LP +could be used; if it had to match the value in the +.B what +clause, the form +.LP +.nf + access to dn.regex="^(.+,)?uid=([^,]+),dc=([^,]+),dc=com$" + by dn.exact,expand="uid=$2,dc=$3,dc=com" write +.fi +.LP +could be used. .LP It is perfectly useless to give any access privileges to a DN that exactly matches the -- 2.39.5