
Mapping ACLs to group members



I have (posixAccount)-users and (groupOfNames AND
posixGroup)-groups in my LDAP directory. Now I want to enable
users in one group (junior admins) to edit the userPassword files
for everyone in another group (students) but not other groups
(like teachers and admins).

I have read up on ACLs and am looking for a way to write that ACL
entry. The DNs of students, teachers and admins look alike:
uid=XXX,ou=People,dc=...
so I can't filter on dn.subtree or so (as far as I know).

But then I don't know so much about ACLs...

Can I filter for this, somehow? I imagine my filtering must
return real LDAP entries which are allowed to be accessed, not
just one entry which contains the forbidden and allowed DNs (in
the member attribute of the groupOfNames groups)?