[Date Prev][Date Next] [Chronological] [Thread] [Top]

Nested groupOfNames members


Can someone tell me if a groupOfNames object can be used as a member of another groupOfNames object ?

Considering the following example,

dn: cn=foo,o=mycorp
objectClass: organizationalRole
cn: foo

dn: cn=group1,o=mycorp
objectClass: groupOfNames
cn: group1
member: cn=foo,o=mycorp

dn: cn=group1,l=paris,o=mycorp
objectClass: groupOfNames
cn: group1
member: cn=group1,o=mycorp

With some acls based like :

access to dn.subtree="o=mycorp" attrs=userPassword by self =rwscx by * =x
access to dn.subtree="o=mycorp" by users =rscx
access to dn.subtree="ou=something,o=mycorp" by group.base="cn=group1,l=paris,o=mycorp =rscx by * =0

cn=foo,o=mycorp cannot read entry in ou=something,o=mycorp.

Thanks for your help, -- Pierre-Francois LAURAND