I was wondering if there was a way to write an ACL for
a members of the PosixGroup.
I have a simple directory structure of:
ou=People,o=myorg (with posixusers)
ou=Group,o=myorg (with posixgroups)
I would like to create an ACL that allows users who
have a gidNumber of X(say 101) that matches our
systems admin group to have write access. And I guess
one point is that they are not listed indivudually as
"memberOf" entries in the ou=Group cn, they just have
a gidNumber that matches a group in there.
I tried:
by group="cn=sysads,ou=Group,o=myorg" write
and
by group.expand="cn=sysads,ou=Group,o=myorg" write
Neither one worked, and in fact I saw an error message
of something line:
=> bdb_entry_get: found entry:
"cn=sysads,ou=group,o=myorg"
Mar 28 11:44:59 kyloulapp54dp slapd[5949]: <=
bdb_entry_get: failed to find objectClass groupOfNames
Does the group ACL's require a "groupofNames" instead
of using posixGroups under an OrganizationUnit?
I was wondering if maybe there some regex maybe I
could use to check the gidNumber of the user trying to
attempt access? I am not a regex genius so any help
would be appreciated.