[Date Prev][Date Next]
posixgroup per user access rights
Is there a way to do something similar to
olcAccess: to attr=member,entry
by dnattr=member selfwrite
but for posixgroups, not groupOfNames?
The problem I see is that an ACL can't authenticate against a posixGroup (as far
as I know) Right now I just have any user has write access to certain
posixGroups, which is a potential security hole as they could add / erase other
Basically I want users to be able to remove themselves from a group. I currently
access to dn.exact="cn=team,ou=Group,dc=prisum,dc=org"
by anonymous auth
by users write
For each of my groups this applies to. As I mentioned above this means that a
user can add / erase other users, which I don't like.
Thanks in advance.