Aaron Richton wrote:
I'm not sure I'm reading you right, but it sounds like you're hosting:
dn: cn=someObject,dc=example,dc=com
groupOfWriters: cn=specialPeople,dc=example,dc=com
dn: cn=specialPeople,dc=example,dc=com
uniqueMember: cn=Bob,dc=example,dc=com
uniqueMember: cn=Charlie,dc=example,dc=com
Something like that? Well, first off, consider if you can handle this
with the simple case -- that is,
access to "cn=someObject,dc=example,dc=com"
by
group/groupOfUniqueNames/uniqueMember.exact="cn=specialPeople,dc=example,dc=com"
write
Try the ACL test that ships with slapd if you want to see that in
action. But it sounds like you want this to be dynamic based off
groupOfWriters. I think you can do that with a set ACL. Maybe something
along the lines of
by set="groupOfWriters/member & user" write
but that's just off the top of my head and quite likely insufficient.
by set="this/groupOfWriters/member & user" write
would probably be more appropriate :)
p.
Ing. Pierangelo Masarati
OpenLDAP Core Team
SysNet s.r.l.
via Dossi, 8 - 27100 Pavia - ITALIA
http://www.sys-net.it
---------------------------------------
Office: +39 02 23998309
Mobile: +39 333 4963172
Email: [EMAIL PROTECTED]
---------------------------------------
