From jasondearborn@gmail.com Fri Oct 26 20:42:43 2007 From: Jason Dearborn To: openldap-software@openldap.org Subject: Re: Access Control by group Date: Fri, 26 Oct 2007 13:42:36 -0700 Message-ID: <4296d7270710261342x760ab552i66652f9bd3687702@mail.gmail.com> In-Reply-To: <4296d7270710261330s328dff96sf0c2c1ab8a961404@mail.gmail.com> MIME-Version: 1.0 Content-Type: multipart/mixed; boundary="===============7830847384682601019==" --===============7830847384682601019== Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: 7bit Ack. Just found this: http://www.openldap.org/lists/openldap-software/200710/msg00343.html and this: http://www.mail-archive.com/openldap-software(a)openldap.org/msg08524.html Looks like other people are trying to work with posixGroups as well. On 10/26/07, Jason Dearborn wrote: > > I'd like to grant members of an Administrator group full access to > everything in LDAP. > > According to the ldap FAQ, the default objectclass is "groupOfNames" and > the default attribute checked is "member". To match my config I'd need to > change the values to "posixGroup" and "memberUid" respectively. It looks > like you can do that with the following syntax: > > ::= group[/[/][.