
Re: apping ACLs to groupmembers



On Sun, Mar 06, 2005 at 09:50:55AM +0100, Dieter Kluenter wrote:
> Andreas Schuldei <andreas@schuldei.org> writes:
> 
> > * Dieter Kluenter (dieter@dkluenter.de) [040117 17:44]:
> >> Andreas Schuldei <andreas@schuldei.org> writes:
> 
> >> If you are looking for access control not based on subtrees but on
> >> entries you should try aci's.
> >
> > this has become an issue again and still needs solving.
> >
> > to clarify: 
> >
> > members in group A can write to certain attributes of entries in group B.
> > members in group C can write to certain attributes of entries in group A and B.
> >
> > the groups are hybrids of posixGroup and groupOfNames.
> 
> Read man slapd.access(5), there are some samples on attributelists.
> Furthermore this could be achieved with set, for sample configuration
> search the archive, as Ando has mailed a few examples lately. The
> following faqs may help as well.

i tried and think the search engine is not playing along:
http://www.openldap.org/cgi-bin/wilma_glimpse/openldap-software?query=Ando&Search=Search&restricttofiles=on&filelist=200503&filelist=200502&filelist=200501&filelist=200412&filelist=200411&filelist=200410&errors=0&maxfiles=1000&maxlines=0&.cgifields=lineonly&.cgifields=restricttofiles&.cgifields=filelist&.cgifields=partial&.cgifields=case

can you please give some more search phrases to use?

> http://www.openldap.org/faq/data/cache/1133.html
> http://www.openldap.org/faq/data/cache/1134.html

i am reading up on sets now, but don't see yet how they can help
me to limit access based on group membership in the subject and
the object. note that i mean user's membership in posixGroups or
groupOfNames here.