[Date Prev][Date Next] [Chronological] [Thread] [Top]

ACL for members of PosixGroup?

To: openldap-software@openldap.org
Subject: ACL for members of PosixGroup?
From: Don Hoover <dxh@yahoo.com>
Date: Fri, 28 Mar 2008 08:52:49 -0700 (PDT)

I was wondering if there was a way to write an ACL for
a members of the PosixGroup.


I have a simple directory structure of:
ou=People,o=myorg  (with posixusers)
ou=Group,o=myorg (with posixgroups)


I would like to create an ACL that allows users who
have a gidNumber of X(say 101) that matches our
systems admin group to have write access.  And I guess
one point is that they are not listed indivudually as
"memberOf" entries in the ou=Group cn, they just have
a gidNumber that matches a group in there.

I tried:

by group="cn=sysads,ou=Group,o=myorg" write

and

by group.expand="cn=sysads,ou=Group,o=myorg" write


Neither one worked, and in fact I saw an error message
of something line:
=> bdb_entry_get: found entry:
"cn=sysads,ou=group,o=myorg"

Mar 28 11:44:59 kyloulapp54dp slapd[5949]: <=
bdb_entry_get: failed to find objectClass groupOfNames



Does the group ACL's require a "groupofNames" instead
of using posixGroups under an OrganizationUnit?


I was wondering if maybe there some regex maybe I
could use to check the gidNumber of the user trying to
attempt access?  I am not a regex genius so any help
would be appreciated.


Thanks!!


---
Don Hoover
dxh@yahoo.com

Follow-Ups:
- Re: ACL for members of PosixGroup?
  - From: "Gavin Henry" <ghenry@suretecsystems.com>
- Re: ACL for members of PosixGroup?
  - From: Pierangelo Masarati <ando@sys-net.it>

Prev by Date: Re: ACL troubles
Next by Date: Re: ACL for members of PosixGroup?
Index(es):
- Chronological
- Thread