[Date Prev][Date Next] [Chronological] [Thread] [Top]

Group based ACLS

I have been reading http://www.openldap.org/doc/admin24/access-control.html and am evry interested in how sets can be applied to controlling ACLs. In the examples shown, all the relationships are tied to the user having an attribute such as a manager etc, but i would like to do this in reverse so that an account, lets say Admin, can only modify users that have an entry in a group such as

memberUid: testuser


In this case Admin would be able to modify testuser, but not someuser. Is this possible, or do i need to enforce membership on the user as well such that 

memberOf: group