--On Thursday, January 11, 2007 5:25 PM +0100 Pierangelo Masarati ando@sys-net.it wrote:
I'm not quite sure I understood what you mean. Are you going to use it for access control? Or do you want it to return the actual member list during a search? Can you describe further, and possibly post a sample conf+data, or at least a sketch of what you're trying to accomplish? As far as I can tell, slapo-dynlist(5) doesn't cope fine with ACLs as it is now...
My intention is to be able to do something like:
access to dn.exact="cn=groupa,cn=groups,dc=stanford,dc=edu" by ldapadmins read by <somedn> compare
etc.
And yes, it is to be used for access control. The problem I have right now, is that to instantiate a dynamic group, I have to give <somedn> access to the attribute(s) being used in the filter to create the group, which is exactly what I need to avoid, due to HIPAA concerns.
--Quanah
-- Quanah Gibson-Mount Principal Software Developer ITS/Shared Application Services Stanford University GnuPG Public Key: http://www.stanford.edu/~quanah/pgp.html