I have been reading http://www.openldap.org/doc/admin24/access-control.html and am very interested in how sets can be applied to controlling ACLs. In the examples shown, all the relationships are tied to the user having an attribute such as a manager etc., but I would like to do this in reverse so that an account, let's say Admin, can only modify users that have an entry in a group such as

    cn=Group,dc=example
    memberUid: testuser

    uid=testuser,dc=example

    uid=someuser,dc=example

In this case Admin would be able to modify testuser, but not someuser. Is this possible, or do I need to enforce membership on the user as well such that

    uid=testuser,dc=example
    memberOf: group

William
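
An added example, not part of the original post: a slapd.conf access rule that expresses the reverse relationship with a set, comparing the group's memberUid values with the uid of the entry being accessed. The admin DN cn=Admin,dc=example is an assumption, since the post names the account but not its DN.

```conf
# Added example for slapd.conf (OpenLDAP 2.4 access directive syntax).
# Assumption: the admin account's DN is cn=Admin,dc=example.
#
# In a set, "this" is the entry being accessed and "[...]" is a literal DN.
# "[cn=Group,dc=example]/memberUid" yields the group's memberUid values,
# "this/uid" yields the target entry's uid values, and "&" intersects them.
# The set matches only when the intersection is non-empty.
#
# The dn.exact and set conditions sit in the same "by" clause, so both
# must hold: the requester is Admin AND the target is listed in the group.
access to dn.children="dc=example"
    by dn.exact="cn=Admin,dc=example" set="[cn=Group,dc=example]/memberUid & this/uid" write
    by * break

# With the entries from the post:
#   uid=testuser,dc=example -> {testuser} & {testuser} is non-empty, write granted
#   uid=someuser,dc=example -> {testuser} & {someuser} is empty, no match;
#                              "by * break" hands evaluation to later rules
#   cn=Group,dc=example     -> the entry has no uid, so the set is empty and
#                              this rule gives Admin no write access to the group
```

Because the group's memberUid values decide which entries Admin may modify, write access to cn=Group,dc=example should be restricted by its own rule. No memberOf attribute on the user entries is needed for this rule to work.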
