[Date Prev][Date Next] [Chronological] [Thread] [Top]

ACLs using dynlist overlay

To: openldap-technical@openldap.org
Subject: ACLs using dynlist overlay
From: "Mattes" <rm@mh-freiburg.de>
Date: Mon, 02 Mar 2015 16:47:07 +0100
User-agent: SOGoMail 2.2.16

Dear collected list wisdom,

I'm trying to set up access control using membership in a dynamic list.I've activated the dynlist overlay and configured it like this:

olcDlAttrSet: groupOfURLs memberURL member

and installed an ACL:

olcAccess: to dn.regex=".+,<some base>"
by self read
by group/groupOfURLs/member="<group DN>" search

Browsing the directory I can see the member attributes being added to the
group, but testing access with slapacl I encounter the following error:54ef3976 => bdb_entry_get: found entry: "<group DN>"
54ef3976 <= bdb_entry_get: failed to find attribute member

What am I doing wrong?
N.B.: I _did_ add member to the list of allowed attributes for a groupOfURLs ...

TIA Ralf Mattes

Follow-Ups:
- Re: ACLs using dynlist overlay
  - From: Michael Ströder <michael@stroeder.com>

Prev by Date: Re: using cn=config to retrieve DIT records
Next by Date: multiple password policies and pwdPolicySubentry
Index(es):
- Chronological
- Thread