posixgroup per user access rights



Is there a way to do something similar to

       olcAccess: to attr=member,entry
             by dnattr=member selfwrite

but for posixGroups, not groupOfNames?
The problem I see is that an ACL can't authenticate against a posixGroup (as far
as I know). Right now I just give any user write access to certain
posixGroups, which is a potential security hole, as they could add / erase other
users.

Basically I want users to be able to remove themselves from a group. I currently
have:

access to dn.exact="cn=team,ou=Group,dc=prisum,dc=org"
        by anonymous auth
        by users write

For each of my groups this applies to.  As I mentioned above this means that a
user can add / erase other users, which I don't like.

Thanks in advance.