No, i have seperated Groups like:
dn: cn=IT,ou=Groups,dc=bca,dc=edu,dc=gr cn: IT objectClass: groupOfUniqueNames uniqueMember: cn=Some Name1,ou=Users,dc=mydomain,dc=edu,dc=com uniqueMember: cn=Some Name2,ou=Users,dc=mydomain,dc=edu,dc=com
and all users under ou=Users,dc=mydomain,dc=edu,dc=com
Thanks
2008/8/14 Gavin Henry ghenry@openldap.org:
Stelios A. wrote:
Hello,
I have a group called IT and another one called LDAP Admins. There are 5 users under IT and 2 under LDAP Admins. I'm looking for an acl where members of IT (groupOfUniqueNames) can modify/write anywhere under ou=Users.... apart from those users under the LDAP Admins group. Can anyone give me a help about this please.
I've found only how to give access to IT group but not how to exclude LDAP Admins (2 in total) where those 2 exist also under IT group.
Any ideas?
Your DIT sounds a bit messy. Do you have groups under ou=Users?
What is your design?
BTW, man slapd.access
-- Kind Regards,
Gavin Henry. OpenLDAP Engineering Team.
E ghenry@OpenLDAP.org
Community developed LDAP software.