Hello, I am trying to configure acl to allow read access of entries in a container based on group membership of these entries. I have tried the following and failed: access to dn.subtree="ou=myou,dc=example,dc=com" attrs=@extensibleObject filter="(memberof=mygroup)" by dn="uid=admin,ou=Operators,dc=example,dc=com" read I have a group "cn=mygroup,ou=groups,dc=example,dc=com" with member entries, that are dn's of the container ou=myou. When I try to ommit the filter, I can use this dn to read the memberof attribute. What is missing here? Thanks in advance, Dorit. |