Am Montag, 02. März 2015 21:55 CET, Howard Chu <[email protected]> schrieb:
> Michael Ströder wrote: > > Mattes wrote: > >> Dear collected list wisdom, > >> > >> I'm trying to set up access control using membership in a dynamic > >> list.I've activated the dynlist overlay and configured it like this: > >> > >> olcDlAttrSet: groupOfURLs memberURL member > >> > >> and installed an ACL: > >> > >> olcAccess: to dn.regex=".+,<some base>" > >> by self read > >> by group/groupOfURLs/member="<group DN>" search > >> > >> Browsing the directory I can see the member attributes being added to the > >> group, but testing access with slapacl I encounter the following > >> error:54ef3976 => bdb_entry_get: found entry: "<group DN>" > >> 54ef3976 <= bdb_entry_get: failed to find attribute member > >> > >> What am I doing wrong? > > In general, overlays don't take effect for the offline tools, they only > function in slapd itself. O.k., thanks, that makes a lot of sense. So, slapacl can only take static entries into consideration. That leaves me with the following question: what tool to use to debug ACLs? TIA Ralf Mattes
