Mark Valence wrote a patch to do this. I believe it was checked in July 2000 into the devel branch, but it was never added to the distribution. I believe Kurt has mentioned that nested groups are under consideration by virtue of their definition in X.400/X.500 or something like that, so someday this may be a reality.

Kevin

-----Original Message-----
From: Mark R. Diggory
Sent: Fri 10/26/2001 3:52 AM
To: openldap-software@OpenLDAP.org
Cc:
Subject: Recursive Groups

I've been working hard on developing an ACL based on many of the examples provided in the mail archives and FAQ for OpenLDAP. I'm wondering if anyone has attempted an ACL that would recursively check group memberships for authentication/authorization.

What I'd like to do is:

dn: cn=group2,o=blaa
member: cn=group1,o=blaa
...

dn: cn=group1,o=blaa
member: uid=joe_user,o=blaa
...

dn: uid=joe_user,o=blaa
...

and have joe_user be authenticated as if a member of both group1 and group2.

Does anyone know if this is possible?

-Mark Diggory
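The nested lookup asked about in this thread, as an added example that is not part of the original messages or of OpenLDAP's code: a client-side transitive membership check over a constructed in-memory copy of the entries from the post, with a visited set and a depth limit so that a group cycle cannot loop forever. The loop_a/loop_b entries, the function names and the simplified DN normalisation are assumptions made for illustration.

```python
# Constructed directory: the three entries from the post plus a deliberate cycle.
DIRECTORY = {
    "cn=group2,o=blaa": {"member": ["cn=group1,o=blaa"]},
    "cn=group1,o=blaa": {"member": ["uid=joe_user,o=blaa"]},
    "cn=loop_a,o=blaa": {"member": ["cn=loop_b,o=blaa"]},
    "cn=loop_b,o=blaa": {"member": ["cn=loop_a,o=blaa", "uid=joe_user,o=blaa"]},
    "uid=joe_user,o=blaa": {},
}


def norm(dn):
    """Simplified DN normalisation (assumption): lower-case, trim around commas.
    A real directory compares DNs with per-attribute matching rules."""
    return ",".join(part.strip().lower() for part in dn.split(","))


def is_member(directory, user_dn, group_dn, max_depth=8):
    """True if user_dn is a direct or nested member of group_dn.
    max_depth is the number of nested group levels followed (0 = direct only)."""
    entries = {norm(dn): attrs for dn, attrs in directory.items()}
    target = norm(user_dn)
    seen = set()                      # groups already expanded: breaks cycles
    frontier = [(norm(group_dn), 0)]
    while frontier:
        dn, depth = frontier.pop()
        if dn in seen:
            continue
        seen.add(dn)
        # A member DN with no entry (dangling reference) expands to nothing.
        for member in entries.get(dn, {}).get("member", []):
            member = norm(member)
            if member == target:
                return True
            if depth < max_depth:     # bound the work an ACL check can cause
                frontier.append((member, depth + 1))
    return False


def groups_for(directory, user_dn, max_depth=8):
    """All group DNs (normalised) that user_dn belongs to, directly or nested."""
    return {norm(dn) for dn, attrs in directory.items()
            if "member" in attrs and is_member(directory, user_dn, dn, max_depth)}


if __name__ == "__main__":
    print(sorted(groups_for(DIRECTORY, "uid=joe_user,o=blaa")))
```

With max_depth=0 the check degrades to ordinary flat group membership, which makes the effect of enabling nesting on an existing ACL easy to compare.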