On 6/8/23 18:13, Howard Chu wrote:

Just use by group=cn=foo,... write


Thanks for the response.

I tried to use group=... and group.exact=... without success.
The Administrator's Guide [1] says that group=... assumes that the
objectClass is "groupOfNames", and if I use another objectClass, I
should use:
by group/<objectclass>/<attributename>=<DN> <access>

However, this method seems not to work with the objectClass
"groupOfURLs". When I try to change the olcAccess policy, I
get the error:
ldap_modify: Other (e.g., implementation specific) error (80)
 additional info: <olcAccess> handler exited with 1

For further context, I wanted to use set=... because my goal is to
create a rule which says:
If a user wants to access his own attribute "X" and is in the group
"test", he only has read access to it.
For that, I would have created a rule like this:
by set="this
        & [cn=test,ou=System,dc=example,dc=local]/member
        & user" read


Regards,
Souji Thenria

[1] https://www.openldap.org/doc/admin26/
