[Date Prev][Date Next] [Chronological] [Thread] [Top]

ACL using Group

Hi folks!

I am using OpenLdap 2.4.23 on RedHat, and using Apache Directory Studio as the client on a different machine.

I am having issues trying to setup ACL using Group. The only non-standard aspect in my schema design is that the groups container is located in a organization specific sub-tree of DIT and not under DIT root, e.g.

 access to dn.subtree="ou=resources,ou=dept1,ou=ns1,dc=example,dc=com"
 attrs = "entry,@myResourceClass"
 group.exact="cn=myadmin,ou=groups,ou=dept1,ou=ns1,dc=example,dc=com" write continue
 by * break

access to * by * read

I am logging in with a user who is a member to this group but not getting the desired write access to the entry.

Is the location of the group entries in DIT really matter for ACL to work?