[Date Prev][Date Next] [Chronological] [Thread] [Top]

access control for opattrs (memberof overlay)

How do I control access to operational attributes, in this case
memberOf by the eponymous overlay? While I can put an index on
'memberOf' I can't seem to use it in an <attrlist> as part of an ACL:

  unknown attr "memberOf" in to clause

(This is on 2.4.22 with all default settings for the memberof overlay
and on a syncrepl consumer. The Changelog up to 2.4.25 does not show
relevant issues from ITS, AFAICT.)

Neither the slapd.access man page, FAQ or admin guide were of help wrt
controlling access to operational attributes (but I may have
overlooked something).
(I also tried giving access to the 'entry' pseudo attribute, which
didn't change the behaviour).

How then are people controlling access to group memberships as
provided by the memberof overlay?