[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: two issues with dyngroups

Guillaume Rousse wrote:
Pierangelo Masarati a écrit :
The second directive is that ACLs seems to ignore this dynamic group:
# admins
access to dn.subtree="dc=msr-inria,dc=inria,dc=fr"
    by group="cn=admins,ou=groups,dc=msr-inria,dc=inria,dc=fr" write
    by * break


access to dn.subtree="dc=msr-inria,dc=inria,dc=fr"
by group/groupOfURLs/memberURL="cn=admins,ou=groups,dc=msr-inria,dc=inria,dc=fr" write
by * break

(please excuse any unintended line wrapping).
Indeed, many thanks.

This is an often overlooked requirement of groups that use group objectClass and member attribute other than groupOfNames and member. Probably a note should be added to slapo-dynlist(5) man page and somewhere else as appropriate.


Ing. Pierangelo Masarati OpenLDAP Core Team

SysNet s.r.l.
via Dossi, 8 - 27100 Pavia - ITALIA
Office:  +39 02 23998309
Mobile:  +39 333 4963172
Fax:     +39 0382 476497
Email:   ando@sys-net.it