Ski Kacoroski wrote:
> Hi,
>
> I am using openldap 2.3.24 and have the following ACL:
>
> # for everything else, admins can read & write
> access to *
>         by group="cn=LdapAdmins,ou=Groups,dc=nsd,dc=org" write
>         by * none
>
> My test account is a member of ldapadmins:
>
> dn: cn=ldapadmins,ou=Groups,dc=nsd,dc=org
> cn: ldapadmins
> objectClass: nsdGroupOfMemberURLs
> nsdGroupOwner: Technology
> description: ldapadmins management group
> memberURL: ldap:///ou=staff,ou=people,dc=nsd,dc=org??sub?(nsdGroups=ldapadmins)
> gidNumber: 11011
> member: uid=test2,ou=staff,ou=People,dc=nsd,dc=org
>
> However, when I try to access an object:
>
> Why is it asking for the groupOfNames objectclass? Do I have to add
> this object class to my schema for dynlists?

You have to read slapd.access(5) and understand how to properly specify
a group ACL.
--
-- Howard Chu
Chief Architect, Symas Corp. http://www.symas.com
Director, Highland Sun http://highlandsun.com/hyc
OpenLDAP Core Team http://www.openldap.org/project/
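
The following is an added example, not part of the original thread or of OpenLDAP: a small Python check that reads a `by group` clause using the `group[/<objectclass>[/<attrname>]]` syntax from slapd.access(5), applies the documented defaults (`groupOfNames` and `member`), and reports whether a group entry carries what the clause will test. The sample entry is built from the one in the post, and `ACL_EXPLICIT` is an assumed rewrite of the posted clause, not a line from the thread.

```python
import re

# Defaults slapd.access(5) documents for a bare "by group=" clause.
DEFAULT_OC, DEFAULT_ATTR = "groupOfNames", "member"
GROUP_RE = re.compile(
    r'by\s+group(?:/(?P<oc>[\w-]+)(?:/(?P<attr>[\w-]+))?)?(?:\.\w+)?="(?P<dn>[^"]+)"',
    re.IGNORECASE)

# Sample input built from the entry in the post (memberURL is LDIF-folded).
GROUP_LDIF = """\
dn: cn=ldapadmins,ou=Groups,dc=nsd,dc=org
cn: ldapadmins
objectClass: nsdGroupOfMemberURLs
memberURL: ldap:///ou=staff,ou=people,dc=nsd,dc=org??sub?(nsdGroups=
 ldapadmins)
member: uid=test2,ou=staff,ou=People,dc=nsd,dc=org
"""
ACL_AS_POSTED = 'by group="cn=LdapAdmins,ou=Groups,dc=nsd,dc=org" write'
# Assumed explicit form: names the objectClass and attribute the entry has.
ACL_EXPLICIT = ('by group/nsdGroupOfMemberURLs/member='
                '"cn=LdapAdmins,ou=Groups,dc=nsd,dc=org" write')

def parse_ldif_entry(text):
    """Parse one LDIF entry into {lowercased attr: [values]}, unfolding lines."""
    entry, last = {}, None
    for line in text.splitlines():
        if line.startswith(" ") and last:
            entry[last][-1] += line[1:]          # continuation of previous value
        elif ":" in line:
            name, value = line.split(":", 1)
            last = name.strip().lower()
            entry.setdefault(last, []).append(value.strip())
    return entry

def check_group_clause(acl_line, entry):
    """Return (objectclass, attr, problems) for a 'by group' clause, or None."""
    m = GROUP_RE.search(acl_line)
    if not m:
        return None
    oc, attr = m.group("oc") or DEFAULT_OC, m.group("attr") or DEFAULT_ATTR
    problems = []
    if oc.lower() not in [v.lower() for v in entry.get("objectclass", [])]:
        problems.append(f"entry lacks objectClass {oc}")
    if attr.lower() not in entry:
        problems.append(f"entry has no {attr} attribute")
    return oc, attr, problems

if __name__ == "__main__":
    for acl in (ACL_AS_POSTED, ACL_EXPLICIT):
        print(acl, "->", check_group_clause(acl, parse_ldif_entry(GROUP_LDIF)))
```

The check compares names only; it does not match the clause's group DN against the entry or evaluate membership the way slapd does.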