I wrote: > Do you know how I could implement that? Alternatively, is there any more > documentation for sets than is in the faq-o-matic? Some more > configuration examples would be very welcome. Does anyone have a config > file they'd be willing to share?
Many thanks to Hallvard B Furuseth who helped me to this rule: access to dn.regex=",ou=([^,]+),ou=projects,...$" by set.expand="[cn=administrators,ou=$1,ou=projects,...]/member* & user" write by set.expand="[cn=readers,ou=$1,ou=projects,...]/member* & user" read by set.expand="[cn=readers,ou=$1,ou=projects,...]/objectClass" none by * read (For OpenLDAP 2.2, use set.regex instead of set.expand.) Dave -- ** Dave Holland ** Systems Support -- Special Projects Team ** ** 01223 496923 ** Sanger Institute, Hinxton, Cambridge, UK **
