It depends on how many user you have, were are the user-objects are located in your tree, there are not enough information to solve your problem. If the users are spread over the hole tree you need some kind of regex-ACLs
Am 27.11.19 um 22:41 schrieb Marc Roos:
Can anyone help how I should make the acls that allows users[2] access attributes of ldap entries[1] that have themselves listed in the attribute value sendmailMTAMapValue
Something like: Access to children? ou=xxxx,ou=dddd,ou=cccc,dc=bbbb,dc=aaaa,dc=local filter=(sendmailMTAMapValue=VAR1) attrs=sendmailMTAKey by uid=VAR1,ou=yyyy,ou=dddd,ou=cccc,dc=bbbb,dc=aaaa,dc=local read
[1] dn: sendmailMTAKey=test@example.com,ou=xxxx,ou=dddd,ou=cccc,dc=bbbb,dc=aaaa, dc=local objectClass: sendmailMTA objectClass: sendmailMTAMap objectClass: sendmailMTAMapObject objectClass: ritAdditionalInfo sendmailMTAMapName: virtuser sendmailMTACluster: mail sendmailMTAKey: test@example.com sendmailMTAMapValue: testuser
[2] uid=testuser,ou=yyyy,ou=dddd,ou=cccc,dc=bbbb,dc=aaaa,dc=local