hi, Am 13.11.2013 um 18:24 schrieb Dieter Klünter <[email protected]>: > > You may want to read > http://www.openldap.org/faq/data/cache/1133.htm > http://www.openldap.org/faq/data/cache/1134.html
thanks for the tipp :-)
we changed the first {0} rule:
{0}to dn.regex="(.+,)ou=(.+,)?dc=example,dc=com$"
by group.expand="cn=ldapadmin,ou=roles,ou=$2dc=example,dc=com" write
by * break
[...]
and it seems, that everything works, as expected. The member from the
groupOfNames can changed everything, under his three, but can't delete the
subtree itself.
cu denny
signature.asc
Description: Message signed with OpenPGP using GPGMail
