[Date Prev][Date Next] [Chronological] [Thread] [Top]

Nested groupOfNames members

To: openldap-software@OpenLDAP.org
Subject: Nested groupOfNames members
From: Pierre-Francois LAURAND <francois.laurand@univ-tours.fr>
Date: Tue, 05 Jul 2005 15:17:10 +0200
Organization: Universite de Tours - UFR Sciences - IUP de Blois
User-agent: Mozilla/5.0 (X11; U; FreeBSD i386; en-US; rv:1.8b) Gecko/20050412

Hi,

Can someone tell me if a groupOfNames object can be used as a member of another groupOfNames object ?

Considering the following example,

dn: cn=foo,o=mycorp
objectClass: organizationalRole
cn: foo

dn: cn=group1,o=mycorp
objectClass: groupOfNames
cn: group1
member: cn=foo,o=mycorp

dn: cn=group1,l=paris,o=mycorp
objectClass: groupOfNames
cn: group1
member: cn=group1,o=mycorp


With some acls based like :

access to dn.subtree="o=mycorp" attrs=userPassword by self =rwscx by * =x access to dn.subtree="o=mycorp" by users =rscx access to dn.subtree="ou=something,o=mycorp" by group.base="cn=group1,l=paris,o=mycorp =rscx by * =0

cn=foo,o=mycorp cannot read entry in ou=something,o=mycorp.


Thanks for your help,
--
Pierre-Francois LAURAND

Follow-Ups:
- Re: Nested groupOfNames members
  - From: Howard Chu <hyc@symas.com>

Prev by Date: Problem with indexes not consistent
Next by Date: Re: Nested groupOfNames members
Index(es):
- Chronological
- Thread