Hi,

Thanks for your answer, but my chiefs are not in a separate group; the directory looks like this:

+ dc=example,dc=com
  |
  --- ou=groups
  |     |
  |     --- cn=group_1 (objectClass = posixGroup, members by attribute "memberUid")
  |     |   ...
  |     --- cn=group_i
  |
  --- ou=persons
        |
        --- uid=person_1 (objectClass ~ inetOrgPerson, groups by attribute "groupesTravail")
        |   ...
        --- uid=person_j

* posixGroup and memberUid (== users' uid) are compulsory to use the directory for typo3 authentication.
* There is no posixAccount objectClass for the persons' entries, as they have no login account on the server.
* I use a "groupesTravail" multivalued attribute instead of the standard gidNumber, as my users may belong to more than one group (of persons who work on the same theme).
* The "chiefs" are the persons I want to grant write access to ou=groups, so they can add or delete a uid when a user registers or quits some group. Their groupesTravail attribute contains the value 1200.

So, the filter behavior I am trying to get for the <who> clause is:

(&(objectClass=inetOrgPerson)(groupesTravail=1200))

I hope this is clearer, and that someone has a solution :-)

Thanks!

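Added example, not part of the original message and not OpenLDAP code: a small evaluator for the filter quoted above, run over constructed entries shaped like the tree in the message, to check which entries such a <who> selection would cover before write access to ou=groups is tied to it. The function names, the sample entries and the case-insensitive value comparison are assumptions made for the illustration.

```python
import re

# Constructed sample entries mirroring the tree in the message (not real data).
ENTRIES = {
    "cn=group_1,ou=groups,dc=example,dc=com": {
        "objectClass": ["posixGroup"], "memberUid": ["person_1", "person_2"]},
    "uid=person_1,ou=persons,dc=example,dc=com": {
        "objectClass": ["inetOrgPerson"], "groupesTravail": ["1100", "1200"]},
    "uid=person_2,ou=persons,dc=example,dc=com": {
        "objectClass": ["inetOrgPerson"], "groupesTravail": ["1100"]},
}
ITEM = re.compile(r"\(([A-Za-z][\w;-]*)=([^()*\\]+)\)")

def parse(f, i=0):
    """Parse the RFC 4515 subset used here: &, |, ! and plain equality."""
    if i >= len(f) or f[i] != "(":
        raise ValueError(f"expected '(' at offset {i}")
    op = f[i + 1:i + 2]
    if op in ("&", "|", "!"):
        kids, i = [], i + 2
        while i < len(f) and f[i] == "(":
            kid, i = parse(f, i)
            kids.append(kid)
        if i >= len(f) or f[i] != ")" or not kids or (op == "!" and len(kids) != 1):
            raise ValueError(f"malformed {op!r} filter near offset {i}")
        return (op, kids), i + 1
    m = ITEM.match(f, i)
    if not m:  # presence, substring and escaped values are rejected, not guessed
        raise ValueError(f"unsupported filter item at offset {i}")
    return ("=", m.group(1).lower(), m.group(2).lower()), m.end()

def matches(node, entry):
    """Equality is true if ANY value of a multivalued attribute matches."""
    if node[0] == "=":
        attrs = {k.lower(): v for k, v in entry.items()}
        # Assumption: case-insensitive comparison; the real rule comes from the schema.
        return node[2] in (v.lower() for v in attrs.get(node[1], []))
    results = [matches(k, entry) for k in node[1]]
    return {"&": all, "|": any, "!": lambda r: not r[0]}[node[0]](results)

def who(filter_text, entries):
    """Return the sorted DNs of the entries selected by filter_text."""
    tree, end = parse(filter_text)
    if end != len(filter_text):
        raise ValueError("trailing characters after filter")
    return sorted(dn for dn, e in entries.items() if matches(tree, e))

CHIEFS = "(&(objectClass=inetOrgPerson)(groupesTravail=1200))"
```

Calling `who(CHIEFS, ENTRIES)` selects only person_1: the posixGroup entry fails the objectClass test and person_2 lacks the value 1200.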