(Answer) (Category) OpenLDAP Faq-O-Matic : (Category) OpenLDAP Software FAQ : (Category) Configuration : (Category) SLAPD Configuration : (Category) Access Control : (Category) More information about Access Control : (Category) Specifying the subject : (Answer) Example of Group access
(got it from some posting, many thanks to those who explained it)

Consider a group of names, with "member" and "owner" attributes. We want the "owner" to be able to administrate the group, "members" to be able to subscribe/unsuscribe freely, and some applications located under the "ou=Apps,dc=example,dc=com" node to be able to read "members" to fulfil their task. A possible solution is:

access to dn.exact="cn=My Group,ou=Groups,dc=example,dc=com"
        by dnattr=owner write
        by dnattr=member selfwrite
        by dn.children="ou=Apps,dc=example,dc=com" read

[Append to This Answer]
Next: (Answer) Sets in Access Controls
This document is: http://www.openldap.org/faq/index.cgi?file=1132
[Search] [Appearance]
This is a Faq-O-Matic 2.721.test.
© Copyright 1998-2013, OpenLDAP Foundation, info@OpenLDAP.org