
Access rights for a group member



Hi,

I'm trying to set access rights so that a group member can see himself as a member of a group but not the other members. For example :

dn: cn=group1,[...]
cn: group1
member: uid=user1,[...]
member: uid=user2,[...]
objectClass: groupOfNames
owner: uid=user3,[...]

if user1 searches for "cn=group1", he would see :

dn: cn=group1,[...]
cn: group1
member: uid=user1,[...]
objectClass: groupOfNames

without user2 being listed.  I tried (among other things!) the following :

access to dn=".*,[...]" attrs=member
    by dnattr=owner read
    by dnattr=member selfread

which returns (for user1) :

dn: cn=group1,[...]
cn: group1
objectClass: groupOfNames

without any member listed. I tried many other ways and tried to see if I could find anything in the logs without any success. Is there any way to do this? I'm really out of ideas...

I'm using openldap 2.1.30.

Thanks in advance for your answers.  :)