ldapsearch -x -b "cn=ldap_admins,ou=Groups,dc=domain,dc=com" -H
ldapi:///
dn: cn=ldap_admins,ou=Groups,dc=domain,dc=com
objectClass: groupOfNames
cn: ldap_admins
member: uid=test,ou=Users,dc=domain,dc=com
ldapsearch -x -b "cn=test,ou=Users,dc=domain,dc=com" -H
ldapi:///
dn: cn=test,ou=Users,dc=domain,dc=com
objectClass: posixAccount
objectClass: inetOrgPerson
objectClass: organizationalPerson
objectClass: person
homeDirectory: /home/test
loginShell: /bin/bash
uid: test
cn: test
uidNumber: 10000
gidNumber: 10000
sn: test
ldapsearch -Y EXTERNAL -H
ldapi:/// -b cn=config 'olcDatabase={1}mdb'
olcAccess: {0}to attrs=userPassword by self write by group.exact="cn=ldap_admins,ou=Groups,dc=domain,dc=com" write by anonymous auth by * none
olcAccess: {1}to * by self write by group.exact="cn=ldap_admins,ou=Groups,dc=domain,dc=com" write by * read
--On Wednesday, August 12, 2020 5:24 PM +0000 Клеусов Владимир Сергеевич <
Kleusov.Vladimir@wildberries.ru> wrote:
Sorry
Please explain the group in the picture in the previous email
cn ldap_admins
member
uid=test,ou=Users,dc=domain,dc=com
Hi,
Don't send images of textual data. Additionally your graphic doesn't show the DN of the group, so there's no way to map it to the ACLs you provided.
Provide actual text data of the entries in question (the group and the user) in addition to the current ACLs.
--Quanah
--
Quanah Gibson-Mount
Product Architect
Symas Corporation
Packaged, certified, and supported LDAP solutions powered by OpenLDAP:
<
http://www.symas.com>