[Date Prev][Date Next]
ACL using Group
- To: firstname.lastname@example.org
- Subject: ACL using Group
- From: Rakesh Aggarwal <email@example.com>
- Date: Fri, 11 Nov 2011 11:40:44 -0800
- Dkim-signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma; h=mime-version:from:date:message-id:subject:to:content-type; bh=FEJLldfso5dly9MVPRRYZvpYrXR4SpIzfSkg5SnxDxo=; b=prZNOxT9NYFv5yzl02W2yQ3AkxlO/ayCZlNzEUx/vQ69lFC4ldWTy5Ar0tLObHPv/+ 2n1e/k3SU5nXuGgINa7pkkoD9AbQjCv/LHKYHWJkWWJvr3OvIsSxChSYBviqLh6/0kND uuCx137KHLD4ZOFZrWuDlBIJqS9zhTYsTbpEA=
I am using OpenLdap 2.4.23 on RedHat, and using Apache Directory Studio as the client on a different machine.
I am having issues trying to setup ACL using Group. The only non-standard aspect in my schema design is that the groups container is located in a organization specific sub-tree of DIT and not under DIT root, e.g.
access to dn.subtree="ou=resources,ou=dept1,ou=ns1,dc=example,dc=com"
attrs = "entry,@myResourceClass"
group.exact="cn=myadmin,ou=groups,ou=dept1,ou=ns1,dc=example,dc=com" write continue
by * break
access to * by * read
I am logging in with a user who is a member to this group but not getting the desired write access to the entry.
Is the location of the group entries in DIT really matter for ACL to work?