Howard Chu wrote:
Ski Kacoroski wrote:
Hi,
I am using openldap 2.3.24 and have the following ACL:
# for everything else, admins can read & write
access to *
by group="cn=LdapAdmins,ou=Groups,dc=nsd,dc=org" write
by * none
My test account is a member of ldapadmins:
dn: cn=ldapadmins,ou=Groups,dc=nsd,dc=org
cn: ldapadmins
objectClass: nsdGroupOfMemberURLs
nsdGroupOwner: Technology
description: ldapadmins management group
memberURL: ldap:///ou=staff,ou=people,dc=nsd,dc=org??sub?(nsdGroups=
ldapadmins
)
gidNumber: 11011
member: uid=test2,ou=staff,ou=People,dc=nsd,dc=org
However, when I try to access an object:
Why is it asking for the groupOfNames objectclass. Do I have to add
this object class to my schema for dynlists?
You have to read slapd.access(5) and understand how to properly specify
a group ACL.
I was not able to get groups acls to work, but I was able to get set
acl's to work. If I understood a posting to the list, these is a more
efficient method. The ACL I have that works is:
access to *
by set="user/nsdGroups* & [ldapadmins]" write
by * none
Am I missing anything here?
cheers,
ski
--
"When we try to pick out anything by itself, we find it
connected to the entire universe" John Muir
Chris "Ski" Kacoroski, [EMAIL PROTECTED], 206-501-9803
