Gavin,
Thank you for reply and suggestion about support services!
However, I'm looking forward that somebody from the list is familiar with
sets syntax for defining an ACL and would be able to determine if ACL like
this is correct:
*access to attrs=employeeType,employeeNumber
by self write
by set="[cn=System
Administrator,ou=groups,dc=domain,dc=com]/uniqueMember* & user" write
by * read*
So, we have a parent group (groupOfUniqueNames, "System Administrator") and
all members should be granted access permission to modify specific
attributes. Then we need to have ability to add new child groups in runtime,
so that all child group members would be automatically granted the same set
of permissions as parent group. Without modifying slapd.conf and restarting
server of course.
Probably there is some important nuance with sets syntax or maybe there is
any another alternative solution?
Because as I mentioned, with stated ACL we have performance issues on one
OpenLDAP instance and fatal crash on another...
Regards,
Alina.
On Dec 7, 2007 1:46 AM, Gavin Henry <[EMAIL PROTECTED]> wrote:
> > That is very urgent and critical for our project, we really need to
> > solve this problem as soon as possible!
> > Please help!!!
> >
>
> http://www.openldap.org/support/ for urgent things.
>
> Most people on these lists use their spare time.
>
