Aaron Richton wrote:
I'm not sure I'm reading you right, but it sounds like you're hosting:
dn: cn=someObject,dc=example,dc=com
groupOfWriters: cn=specialPeople,dc=example,dc=com

dn: cn=specialPeople,dc=example,dc=com
uniqueMember: cn=Bob,dc=example,dc=com
uniqueMember: cn=Charlie,dc=example,dc=com
Something like that? Well, first off, consider if you can handle this with the simple case -- that is,
access to "cn=someObject,dc=example,dc=com"
    by group/groupOfUniqueNames/uniqueMember.exact="cn=specialPeople,dc=example,dc=com" write
Try the ACL test that ships with slapd if you want to see that in action. But it sounds like you want this to be dynamic based off groupOfWriters. I think you can do that with a set ACL. Maybe something along the lines of
by set="groupOfWriters/member & user" write
but that's just off the top of my head and quite likely insufficient.
by set="this/groupOfWriters/member & user" write
would probably be more appropriate :)
p.
Ing. Pierangelo Masarati OpenLDAP Core Team
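Added example, not part of the original messages and not OpenLDAP code: a simplified Python model of how a set clause like the one suggested above is evaluated, with `this` and `user` as one-element DN sets, `/` dereferencing an attribute, `&` intersecting, and a match when the result is non-empty. The directory is constructed from the entries quoted in the thread; the evaluator, its DN normalization, the `uniqueMember` variant of the expression and the Mallory DN are assumptions for illustration.

```python
# Simplified model of slapd "set" evaluation (assumption, not OpenLDAP code).
# Constructed directory mirroring the entries quoted in the thread;
# DNs and attribute names are stored lowercased for matching.
DIRECTORY = {
    "cn=someobject,dc=example,dc=com": {
        "groupofwriters": ["cn=specialPeople,dc=example,dc=com"],
    },
    "cn=specialpeople,dc=example,dc=com": {
        "uniquemember": ["cn=Bob,dc=example,dc=com",
                         "cn=Charlie,dc=example,dc=com"],
    },
}
TARGET = "cn=someObject,dc=example,dc=com"
BOB = "cn=Bob,dc=example,dc=com"
MALLORY = "cn=Mallory,dc=example,dc=com"  # constructed, not in any group

def norm(dn):
    """Crude DN normalization (case, spaces around commas); demo only."""
    return ",".join(part.strip().lower() for part in dn.split(","))

def deref(dns, attr):
    """The '/' step: collect attr values from every entry named in dns."""
    out = set()
    for dn in dns:
        entry = DIRECTORY.get(norm(dn), {})
        out.update(norm(v) for v in entry.get(attr.lower(), []))
    return out

def eval_set(expr, this, user):
    """Evaluate 'path & path'; a path is this|user followed by /attr steps."""
    keywords = {"this": this, "user": user}
    result = None
    for path in expr.split("&"):
        head, *attrs = path.strip().split("/")
        if head not in keywords:
            raise ValueError("this model only handles paths from this/user")
        current = {norm(keywords[head])}
        for attr in attrs:
            current = deref(current, attr)
        result = current if result is None else result & current
    return result

def allowed(expr, this, user):
    """A set clause matches when the resulting set is non-empty."""
    return bool(eval_set(expr, this, user))

# The quoted group entry stores uniqueMember, so a path ending in /member
# dereferences to an empty set for this data.
```

With the sample entries, the path has to name the attribute the group entry actually carries for the intersection with `user` to be non-empty.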