
Access Control by group



I'd like to grant members of an Administrator group full access to everything in LDAP.  
 
According to the ldap FAQ, the default objectclass is "groupOfNames" and the default attribute checked is "member".  To match my config I'd need to change the values to "posixGroup" and "memberUid" respectively.  It looks like you can do that with the following syntax:
 
<who> ::= group[/<objectclass>[/<attrname>][.<style>]]=<pattern>]
 
I can't find any examples on the web and I've been unsuccessful experimenting with various syntactical permutations.  slapd won't start with any of the following:
 
access to *
    by group/posixGroup="Admins,ou=Group,dc=example,dc=com" write
 
access to *
   by group/posixGroup/memberUid="Admins,ou=Group,dc=example,dc=com" write
 
I'm running OpenLDAP 2.2.13-2
 
Has anyone been able to make this work?
 
TIA,
Jason
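
An added example, not part of the original message: a slapd.conf fragment with two ways to express the group check asked about above. A group clause compares the values of the member attribute with the bound DN, so that attribute has to hold DNs, which memberUid does not. The fragment assumes the group entry's RDN is cn=Admins (the post gives no RDN attribute), that users bind as entries carrying a uid attribute, and that the running slapd supports set clauses.

```conf
# Added example (not from the original post).
# Assumed: group DN cn=Admins,ou=Group,dc=example,dc=com; binding users'
# entries have a uid attribute. by-clauses for everyone else are omitted.

# Option A: a DN-valued group, using slapd's defaults (groupOfNames/member).
# The group entry lists full member DNs, for example (constructed value):
#   member: uid=jason,ou=People,dc=example,dc=com
access to *
    by group="cn=Admins,ou=Group,dc=example,dc=com" write

# Option B: keep the posixGroup and match on names with a set clause.
# The set is the intersection of the group's memberUid values and the
# uid of the bound user's entry; access is granted when it is non-empty.
# Use this instead of Option A, not in addition to it: the first
# "access to *" statement that matches is the only one evaluated.
#
# access to *
#     by set="[cn=Admins,ou=Group,dc=example,dc=com]/memberUid & user/uid" write
```

Option B trusts whatever can write memberUid on the group entry or uid on a user's own entry, so write access to those two attributes should be limited to administrators.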