From jasondearborn@gmail.com Fri Oct 26 20:30:59 2007
From: Jason Dearborn
To: openldap-software@openldap.org
Subject: Access Control by group
Date: Fri, 26 Oct 2007 13:30:53 -0700
Message-ID: <4296d7270710261330s328dff96sf0c2c1ab8a961404@mail.gmail.com>

I'd like to grant members of an Administrator group full access to everything in LDAP. According to the ldap FAQ, the default objectclass is "groupOfNames" and the default attribute checked is "member". To match my config I'd need to change the values to "posixGroup" and "memberUid" respectively. It looks like you can do that with the following syntax:

::= group[/[/][.