Mattes wrote: > Dear collected list wisdom, > > I'm trying to set up access control using membership in a dynamic list.I've activated the dynlist overlay and configured it like this: > > olcDlAttrSet: groupOfURLs memberURL member > > and installed an ACL: > > olcAccess: to dn.regex=".+,<some base>" > by self read > by group/groupOfURLs/member="<group DN>" search > > Browsing the directory I can see the member attributes being added to the > group, but testing access with slapacl I encounter the following error:54ef3976 => bdb_entry_get: found entry: "<group DN>" > 54ef3976 <= bdb_entry_get: failed to find attribute member > > What am I doing wrong? > N.B.: I _did_ add member to the list of allowed attributes for a groupOfURLs ... It's important to understand that dynlist overlay generates attribute 'member' on the fly when it's read. Did you read section AUTHORIZATION in slapo-dynlist(5)? Maybe running this as a CRON job is better for your needs: http://www.stroeder.com/pylib/update_memberurl_groups.py Ciao, Michael. -- E-Mail: michael@stroeder.com http://www.stroeder.com
Attachment:
smime.p7s
Description: S/MIME Cryptographic Signature