
Re: posixgroup per user access rights

Tom Noonan II wrote:
Is there a way to do something similar to

       olcAccess: to attr=member,entry
             by dnattr=member selfwrite

but for posixgroups, not groupOfNames?

No. The ACL mechanism assigns privileges to LDAP users. In LDAP, users have DNs. posixGroup is an obsolete artifact of the short-sighted RFC2307 schema design. Proper LDAP clients use DNs (groupOfNames / member) and map DNs to POSIX account names for NSS usage; there's no good reason to keep using memberUid.

 -- Howard Chu
 Chief Architect, Symas Corp.  http://www.symas.com
 Director, Highland Sun        http://highlandsun.com/hyc
 OpenLDAP Core Team            http://www.openldap.org/project/
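
Added example, not part of the original message and not OpenLDAP code: a simplified Python model of why `by dnattr=member selfwrite` can match a groupOfNames entry but never a posixGroup, and of the DN-to-account-name mapping the reply recommends for NSS. The entries, the `dc=example,dc=com` suffix and all function names are constructed for illustration, and DN normalisation is deliberately crude.

```python
# Simplified model of slapd's "dnattr ... selfwrite" check. Illustration only.

def norm_dn(dn):
    """Crude DN normalisation: lowercase, trim around ',' and '='. Not RFC 4514."""
    parts = []
    for rdn in dn.split(","):
        attr, _, val = rdn.partition("=")
        parts.append(f"{attr.strip().lower()}={val.strip().lower()}")
    return ",".join(parts)

def dnattr_selfwrite(entry, dnattr, bound_dn, value):
    """True if bound_dn may add/delete `value` in the dnattr attribute.

    dnattr:    the requester's DN must be listed in entry[dnattr].
    selfwrite: the only value the requester may touch is their own DN.
    """
    me = norm_dn(bound_dn)
    listed = any(norm_dn(v) == me for v in entry.get(dnattr, []))
    return listed and norm_dn(value) == me

def nss_members(group, directory):
    """Map a groupOfNames member list (DNs) to POSIX account names (uid)."""
    by_dn = {norm_dn(dn): e for dn, e in directory.items()}
    return [by_dn[norm_dn(m)]["uid"] for m in group["member"] if norm_dn(m) in by_dn]

# Constructed sample data.
ALICE = "uid=alice,ou=People,dc=example,dc=com"
BOB = "uid=bob,ou=People,dc=example,dc=com"
CAROL = "uid=carol,ou=People,dc=example,dc=com"
DIRECTORY = {ALICE: {"uid": "alice"}, BOB: {"uid": "bob"}, CAROL: {"uid": "carol"}}

GROUP_OF_NAMES = {"objectClass": "groupOfNames", "member": [ALICE, BOB]}
POSIX_GROUP = {"objectClass": "posixGroup", "memberUid": ["alice", "bob"]}

if __name__ == "__main__":
    # member holds DNs, so the bound DN can be compared against it.
    print(dnattr_selfwrite(GROUP_OF_NAMES, "member", ALICE, ALICE))
    # memberUid holds bare names; a bound DN never equals one of them.
    print(dnattr_selfwrite(POSIX_GROUP, "memberUid", ALICE, "alice"))
    # NSS still gets account names, derived from the member DNs.
    print(nss_members(GROUP_OF_NAMES, DIRECTORY))
```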