[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: ACL's and dynlist confusion

Howard Chu wrote:
1. Changed ACL to:
access to *
group/nsdGroupOfMemberURLs/member="cn=LdapAdmins,ou=Groups,dc=nsd,dc= org" write
by * none

To get slapd to start, I had to change the schema definition to include member as an attribute so I am pretty sure this is not correct.

Since it appears you're trying to use a dynamic group, you should have used memberURL not member.

I also saw a brief message where you suggested using the set statement instead of groups because it would be more efficient, but could not get that to work either.

I would never have said any such thing. Sets are notoriously *in*efficient.

Hmm, I obviously misread the post. Thanks for the pointer to use memberURL. That works perfectly. Once I get this thing set up I plan to write up a FAQ.



"When we try to pick out anything by itself, we find it
 connected to the entire universe"            John Muir

Chris "Ski" Kacoroski, ski@nsd.org, 206-501-9803