[Date Prev][Date Next]
Re: ACL using Group
That was just an example I wrote while writing the email. Actual one does have a "by".
The ACLs parse without warning (except the catch-all where dn=*). This is the real one in my slapd config:
access to dn.regex="^[^,]+,ou=resources,(ou=[^,]+,ou=MyNs,dc=MyCompany,dc=com)$"
by group/groupOfNames/member.expand="cn=admins,ou=groups,$1" +w continue
by * break
On Fri, Nov 11, 2011 at 11:58 AM, Quanah Gibson-Mount <email@example.com>
What you pasted is not a valid ACL statement. I expect it to fail. You may want to try adding the word "by" in front of "group.exact".
--On Friday, November 11, 2011 11:40 AM -0800 Rakesh Aggarwal <firstname.lastname@example.org
I am using OpenLdap 2.4.23 on RedHat, and using Apache Directory Studio
as the client on a different machine.
I am having issues trying to setup ACL using Group. The only non-standard
aspect in my schema design is that the groups container is located in a
organization specific sub-tree of DIT and not under DIT root, e.g.
access to dn.subtree="ou=resources,ou=dept1,ou=ns1,dc=example,dc=com"
attrs = "entry,@myResourceClass"
by * break
access to * by * read
Sr. Member of Technical Staff
A Division of VMware, Inc.
Zimbra :: the leader in open source messaging and collaboration