How do I control access to operational attributes, in this case memberOf by the eponymous overlay? While I can put an index on 'memberOf' I can't seem to use it in an <attrlist> as part of an ACL:
unknown attr "memberOf" in to clause
(This is on 2.4.22 with all default settings for the memberof overlay and on a syncrepl consumer. The Changelog up to 2.4.25 does not show relevant issues from ITS, AFAICT.)
Neither the slapd.access man page, FAQ or admin guide were of help wrt controlling access to operational attributes (but I may have overlooked something). (I also tried giving access to the 'entry' pseudo attribute, which didn't change the behaviour).
How then are people controlling access to group memberships as provided by the memberof overlay?
cheers, -peter