Re: grant access on a attribute specific value


Thanks for your answer, but my chiefs are not in a separate group; the directory looks like this:

+ dc=example,dc=com
  |
  --- ou=groups
  |   |
  |   --- cn=group_1 (objectClass = posixGroup, members by attribute "memberUid")
  |   |   ...
  |   --- cn=group_i
  |
  --- ou=persons
      |
      --- uid=person_1 (objectClass ~ inetOrgPerson, groups by attribute "groupesTravail")
      |   ...
      --- uid=person_j

* posixGroup and memberUid (== users' uid) are compulsory to use the directory for TYPO3 authentication.
* There is no posixAccount objectClass for the persons' entries, as they have no login account on the server.
* I use a "groupesTravail" multivalued attribute instead of the standard gidNumber, as my users may belong to more than one group (of persons who work on the same theme).
* The "chiefs" are the persons I want to grant write access to ou=groups, so they can add or delete a uid when a user registers or quits some group. Their groupesTravail attribute contains the value 1200. So, the filter behavior I am trying to get for the <who> clause is: (&(objectClass=inetOrgPerson)(groupesTravail=1200))

With hope that it is clearer, and hope that someone has a solution :-)

Thanks!
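
Added example, not part of the original message: assuming the server is OpenLDAP slapd, one way to express the <who> condition described above is a set-based clause rather than a search filter. The base DN, memberUid, groupesTravail and the value 1200 come from the post; the read access given to everyone else is an assumption.

```conf
# slapd.conf fragment (added example, not the poster's configuration).
# Assumes groupesTravail is defined in the loaded schema and that the
# value 1200 is stored as a plain string.

# Chiefs may add or delete memberUid values in any group entry.
# "user/groupesTravail" expands to the groupesTravail values of the
# bound user's own entry; "& [1200]" intersects them with the literal
# 1200. A non-empty result means the clause matches.
# Note: the set tests groupesTravail only, not objectClass.
access to dn.subtree="ou=groups,dc=example,dc=com" attrs=memberUid
    by set="user/groupesTravail & [1200]" write
    by * read                      # assumption: others may read membership

# The rest of the groups subtree stays read-only for everyone,
# so chiefs cannot create, rename or delete group entries.
access to dn.subtree="ou=groups,dc=example,dc=com"
    by * read                      # assumption: adjust to local policy
```

Limiting the write rule to attrs=memberUid keeps the grant to exactly what the chiefs need; the rules must appear before any broader "access to *" rule, since slapd stops at the first matching <what>.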