Re: ACL question
Hi again,

I'm just trying to create ACLs which would give group

    cn=Domain Admins,ou=Groups,dc=my,dc=domain

members access to add, modify and delete entries from groups

    ou=Users,dc=my,dc=domain
    ou=Groups,dc=my,dc=domain
    ou=Computers,dc=my,dc=domain
    ou=Printers,dc=my,dc=domain

I just noticed that e.g. my group 'Domain Admins' (created with the
smbldap-populate script) doesn't include objectClass groupOfNames, but
only posixGroup and sambaGroupMapping, and group members are defined by
the attribute memberUid. So I tried the following

    access to dn="ou=Users,dc=my,dc=domain"
        by group/posixGroup/memberUid.exact="cn=Domain \
            Admins,ou=Groups,dc=my,dc=domain"
        by * none

but when I ran slaptest, it returned an error

    /etc/openldap/slapd.conf: line 139: group "cn=Domain \
    Admins,ou=Groups,dc=physics,dc=helsinki,dc=fi": \
    inappropriate syntax: 1.3.6.1.4.1.1466.115.121.1.26

    <access clause> ::= access to <what> [ by <who> <access> [ <control> ]
    ...
    <who> ::= [group[/<objectclass>[/<attrname>]][.<style>]=<group>]
    ...

Shouldn't that be consistent with my ACL definition for group? Should I
add e.g. the groupOfNames object class to my group entries and define group
members with the Member attribute?

Jukka
--
IT Services Administrator, Department of Physical Sciences,
University of Helsinki, firstname lastname at helsinki fi,
tel. +358 (0)9 191 50713, fax. +358 (0)9 191 50610
- References:
- ACL question
- From: Jukka Hienola <jukka.hienola@helsinki.fi>