[Date Prev][Date Next] [Chronological] [Thread] [Top]

ACL using Group

To: openldap-technical@openldap.org
Subject: ACL using Group
From: Rakesh Aggarwal <rakesh.aggarwal@gmail.com>
Date: Fri, 11 Nov 2011 11:40:44 -0800
Dkim-signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma; h=mime-version:from:date:message-id:subject:to:content-type; bh=FEJLldfso5dly9MVPRRYZvpYrXR4SpIzfSkg5SnxDxo=; b=prZNOxT9NYFv5yzl02W2yQ3AkxlO/ayCZlNzEUx/vQ69lFC4ldWTy5Ar0tLObHPv/+ 2n1e/k3SU5nXuGgINa7pkkoD9AbQjCv/LHKYHWJkWWJvr3OvIsSxChSYBviqLh6/0kND uuCx137KHLD4ZOFZrWuDlBIJqS9zhTYsTbpEA=

Hi folks!

I am using OpenLdap 2.4.23 on RedHat, and using Apache Directory Studio as the client on a different machine.

I am having issues trying to setup ACL using Group. The only non-standard aspect in my schema design is that the groups container is located in a organization specific sub-tree of DIT and not under DIT root, e.g.

access to dn.subtree="ou=resources,ou=dept1,ou=ns1,dc=example,dc=com"
attrs = "entry,@myResourceClass"
group.exact="cn=myadmin,ou=groups,ou=dept1,ou=ns1,dc=example,dc=com" write continue
by * break

access to * by * read

I am logging in with a user who is a member to this group but not getting the desired write access to the entry.

Is the location of the group entries in DIT really matter for ACL to work?

Thanks

-Rakesh

Follow-Ups:
- Re: ACL using Group
  - From: Quanah Gibson-Mount <quanah@zimbra.com>

Prev by Date: Re: OpenLDAP SASL Passthrough
Next by Date: Re: ACL using Group
Index(es):
- Chronological
- Thread