Guillaume Rousse wrote:
Pierangelo Masarati a écrit :
The second directive is that ACLs seems to ignore this dynamic group: # admins access to dn.subtree="dc=msr-inria,dc=inria,dc=fr" by group="cn=admins,ou=groups,dc=msr-inria,dc=inria,dc=fr" write by * break
Try
access to dn.subtree="dc=msr-inria,dc=inria,dc=fr" by group/groupOfURLs/memberURL="cn=admins,ou=groups,dc=msr-inria,dc=inria,dc=fr" write by * break
(please excuse any unintended line wrapping).
Indeed, many thanks.
This is an often overlooked requirement of groups that use group objectClass and member attribute other than groupOfNames and member. Probably a note should be added to slapo-dynlist(5) man page and somewhere else as appropriate.
p.
Ing. Pierangelo Masarati OpenLDAP Core Team
SysNet s.r.l. via Dossi, 8 - 27100 Pavia - ITALIA http://www.sys-net.it ----------------------------------- Office: +39 02 23998309 Mobile: +39 333 4963172 Fax: +39 0382 476497 Email: ando@sys-net.it -----------------------------------