[Date Prev][Date Next] [Chronological] [Thread] [Top]

slapd.conf acl based on uniqueMember attribute


So far I have searched the archives and existing documentation I can find,
but only find references to doing the inverse of what I need.  Here's the

I need to create 2 ou's (one for accounts and one for class roles).  User
accounts follow the standard rfc2307 schema using posixAccount
objectclass.  Class roles are represented by the groupOfNames objectclass.
I need to define an ACL in slapd.conf which allows the 'owner' attribute
value in the groupOfNames write access to the DN's specified by the
'member' attribute.

In basic terms

  acccess to "members of groupOfName"
	by "owner of entry" write

Note that this is write acess to the entries defined by the member DN's.
Not the groupOfNames entry itself.  That is easy.

Anyone got a suggestion?

Cheers, jerry
   /\  Gerald (Jerry) Carter                     Professional Services
 \/    http://www.valinux.com/  VA Linux Systems   gcarter@valinux.com
       http://www.samba.org/       SAMBA Team          jerry@samba.org
       http://www.plainjoe.org/                     jerry@plainjoe.org

       "...a hundred billion castaways looking for a home."
                                - Sting "Message in a Bottle" ( 1979 )