[Date Prev][Date Next] [Chronological] [Thread] [Top]

acl filter using attribute memberof


I am trying to configure acl to allow read access of entries in a container based on group membership of these entries.  I have tried the following and failed:

access to dn.subtree="ou=myou,dc=example,dc=com" attrs=@extensibleObject filter="(memberof=mygroup)"
 by dn="uid=admin,ou=Operators,dc=example,dc=com" read

I have a group "cn=mygroup,ou=groups,dc=example,dc=com" with member entries, that are dn's of the container ou=myou.
When I try to ommit the filter, I can use this dn to read the memberof attribute.

What is missing here?
Thanks in advance,