Am Fri, 7 Mar 2014 11:11:23 -0800
schrieb Tim Gustafson t...@ucsc.edu:
Hi,
I've had OpenLDAP set up for a while now such that users can create
groups and manage the groups that they've created. I've achieved this
by creating a new objectClass (called managedGroup) which adds the
manager
Hi,
I've had OpenLDAP set up for a while now such that users can create
groups and manage the groups that they've created. I've achieved this
by creating a new objectClass (called managedGroup) which adds the
manager attribute, and then I've set up ACLs like this:
olcAccess: {14}to
Tim Gustafson wrote:
Hi,
I've had OpenLDAP set up for a while now such that users can create
groups and manage the groups that they've created. I've achieved this
by creating a new objectClass (called managedGroup) which adds the
manager attribute, and then I've set up ACLs like this:
1.1 [...]: I have no idea if this is even possible, let alone how to
achieve it.
Just figured out a part of this. Since ACLs seem to apply to new entries
before they are even in the database, I just need to restrict access to
'attrs=entry' to the group manager. Since 'UDBgrpAdmin' is a