On Fri, Jun 09, 2023 at 04:13:46PM +0200, Souji Thenria wrote:
On 08.06.2023 23:15, Quanah Gibson-Mount wrote:
I tried to use group=... and group.exact=... without success. The Administrator's Guide [1] says that group=... assumes that the objectClass is "groupOfNames", and if I use another objectClass, I should use: by group/<objectclass>/<attributename>=<DN> <access>
That is for static groups, not dynamic groups.
In that case, what's the correct approach to use a dynamic group inside an olcAccess rule? The Administrator's Guide says that dynamic groups are supported. But either I am blind, or both the slapo-dynlist(5) man page and the Dynamic Lists overlay section (in the Administrator's Guide) do not include information about ACLS.
See "man 5 slapd.access", it mentions both static groups (a DN-syntax attribute) and dynamic groups (attribute derived from labeledURI) in the "by groups=..." fragment. Dynlist isn't involved in ACL processing and you do not need to load/configure it for this to happen.
Regards,