Hi
I send it along with commands and results

ldapsearch -x -b "cn=ldap_admins,ou=Groups,dc=domain,dc=com" -H ldapi:///

# ldap_admins, Groups, domain.com
dn: cn=ldap_admins,ou=Groups,dc=domain,dc=com
objectClass: groupOfNames
cn: ldap_admins
member: uid=test,ou=Users,dc=domain,dc=com



ldapsearch -x -b "cn=test,ou=Users,dc=domain,dc=com" -H ldapi:///

# test, Users, domain.com
dn: cn=test,ou=Users,dc=domain,dc=com
objectClass: posixAccount
objectClass: inetOrgPerson
objectClass: organizationalPerson
objectClass: person
homeDirectory: /home/test
loginShell: /bin/bash
uid: test
cn: test
uidNumber: 10000
gidNumber: 10000
sn: test


ldapsearch  -Y EXTERNAL -H ldapi:/// -b cn=config 'olcDatabase={1}mdb'

olcAccess: {0}to attrs=userPassword by self write by group.exact="cn=ldap_admins,ou=Groups,dc=domain,dc=com" write by anonymous auth by * none
olcAccess: {1}to * by self write by group.exact="cn=ldap_admins,ou=Groups,dc=domain,dc=com" write by * read

12 авг. 2020 г., в 19:35, Quanah Gibson-Mount <quanah@symas.com> написал(а):



--On Wednesday, August 12, 2020 5:24 PM +0000 Клеусов Владимир Сергеевич <Kleusov.Vladimir@wildberries.ru> wrote:

Sorry
Please explain the group in the picture in the previous email
cn ldap_admins


member
uid=test,ou=Users,dc=domain,dc=com

Hi,

Don't send images of textual data.  Additionally your graphic doesn't show the DN of the group, so there's no way to map it to the ACLs you provided.

Provide actual text data of the entries in question (the group and the user) in addition to the current ACLs.

--Quanah


--

Quanah Gibson-Mount
Product Architect
Symas Corporation
Packaged, certified, and supported LDAP solutions powered by OpenLDAP:
<http://www.symas.com>