[Date Prev][Date Next] [Chronological] [Thread] [Top]

Grant access to a group

To: openldap-technical@openldap.org
Subject: Grant access to a group
From: Onno van der Straaten <onno.van.der.straaten@gmail.com>
Date: Wed, 23 Jan 2013 10:08:15 +0100
Dkim-signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:x-received:date:message-id:subject:from:to :content-type; bh=a/W8IJWthJXwRBADWOL27QKwszUNospCGBLYAmPYBUg=; b=q5FOSDyVpQR2ev7+iyBfI13DuTySstyGzvGUBCtRmk8RcyN5TLDFS4D5BFjeC2LUX+ ALLuS331jiDTQnC9lODZGK6c8znMZf3xEwBqq7Jj3pQ+sOrjOaUQE/kyX8vUY6ueOtAI j5UXz/LDJyG6aj2UKrbtFGIeghxlMJ8FhUAfVBz4W3Tp+DbZWfT1735Dpgv4w8XVTDBm fyXmpcCZAPbPueFkX6yEWsgvolrjMSz3M7ucfyNIs8ELCiw6bjoF6TJcRchAsWum5y+x nxiSg/S8P363Ya5QgcxZ3WCPUatUk3s2cRI2QoHaot0BHO+6++4+EUnUf7BpHbxOPypz +BLQ==

Hi,

I would like to grant access to a group in my directory. Granting access to user is straightforward and works, for example

access to attrs=myAttribute

by dn="cn=User,dc=mydomain,dc=com" write

by anonymous auth

by users read

by * none

Now I'm trying to do the same using a group for example

access to attrs=myAttribute

by group/groupOfUniqueNames/uniqueMember="cn=ldap-admins,dc=groups,dc=mydomain,dc=com" write

by anonymous auth

by users read

by * none

I can't get this to work. I tried by group and by group.exact, these also don't work. From the documentation I understand that by group assumes objectClass 'groupOfNames' and attribute 'member' I used groupOfUniqueNames and uniqueMember so the configuration ended up as above.

Is is possible to grant access to the directory in such a way? To a group? How?

Best Regards,

Onno

Prev by Date: bug on dynamic configuration with back-sql
Next by Date: RE: (ITS#7498) Openldap syncrepl issue
Index(es):
- Chronological
- Thread