[Date Prev][Date Next] [Chronological] [Thread] [Top]

acls for "remote groups"

Hi all!

Does anybody already needed to grant access to a group of another partition?

Suppose you are on a.com.br server (DN suffix: dc=br). Its acl conf file is:

access to dn.subtree="dc=br"
    by group/groupOfNames/member="cn=g1,ou=pb,dc=br" write
    by * read

The group cn=g1,ou=pb,dc=br is on another server (suppose b.com.br server, DN suffix: ou=pb,dc=br).

I have noticed slapd ignores the first <who> clause when evaluating acls!!!!

Any hint?

Thanks a lot,