Hi Dieter,
Hello Dieter, thanks for your reply. I tried as you suggested:
    by dn="cn=ldapauth,dc=example,dc=com" \
       group/nisNetgroup/nisNetgroupTriple=cn=linuxa,ou=netgroup,dc=example,dc=com read
Unfortunately it does not work:
[...]
If that matters, I am using openldap 2.2.13.
Ah, your historic version might be a problem. I can't remember in which version the group expansion has been implemented. My slapd.access(5) OpenLDAP-2.3.27 states
THE <WHO> FIELD
[...] It can have the forms
[ other forms deleted ]
    group[/<objectclass>[/<attrname>]]
Actually I have the same syntax available in my slapd.access:
    <who> ::= [ * | anonymous | users | self | dn[.<dnstyle>]=<DN> ]
              [dnattr=<attrname>]
              [group[/<objectclass>[/<attrname>]][.<style>]=<group>]
              [peername[.<peernamestyle>]=<peer>]
              [sockname[.<style>]=<name>]
              [domain[.<domainstyle>]=<domain>]
              [sockurl[.<style>]=<url>]
So probably the error is somewhere else. I report it again for the list (sorry, I replied to Dieter only instead of the list the first time):
    Checking configuration files for slurpd:
    /etc/openldap/userauth.acl: line 82: group "cn=linuxa,ou=netgroup,dc=example,dc=com": inappropriate syntax: 1.3.6.1.1.1.0.0
    <access clause> ::= access to <what> [ by <who> <access> [ <control> ] ]+
    (...)
Any hints? Thanks again
Claudio