I'm trying to use the following search filter:
(&(objectClass=organizationalPerson)(!(ou:dn:=external-community))(memberOf=cn=users,ou=mailing,ou=groups,dc=linaro,dc=org))
If I use an admin account, the search works. If I use a restricted account, the search doesn't work. The restricted account is only allowed to retrieve a subset of attributes, e.g.:
add: olcAccess olcAccess: to dn.children="dc=linaro,dc=org" filter=(objectClass=organizationalUnit) attrs=entry,description,organizationalStatus,mail,jpegPhoto,@organizationalUnit by group="cn=binder-group,ou=binders,dc=linaro,dc=org" read
add: olcAccess olcAccess: to dn.children="dc=linaro,dc=org" filter=(objectClass=inetOrgPerson) attrs=businessCategory,jpegPhoto,labeledURI,roomNumber,modifyTimestamp,employeeNumber,memberOf by group="cn=binder-group,ou=binders,dc=linaro,dc=org" read
(That is only a snippet of our configuration)
What do I need to grant read access to in order to get the search filter to work with restricted accounts?
Thanks.
Philip