On 2/14/2022 12:43 PM, Michael Ströder wrote:

Thus I have ACLs like this and which don't work for these clients (lines wrapped):

I'm not sure if you are asking whether the slapo-dynlist memberOf implementation supports ACLs in general, or specifically the type of ACL you are trying to use?

We are currently using the slapo-dynlist module for memberOf:

dynlist-attrset groupOfURLs memberURL member+memberOf@groupOfNames

and the following ACL appears to work properly:

access to dn.children="ou=user,dc=cpp,dc=edu" attrs=memberOf
        by self read
        by group.exact="cn=member-readers,ou=group,ou=service,dc=cpp,dc=edu" read
        by * none
