1 Feb
2011
1 Feb
'11
12:59 a.m.
1.1 [...]: I have no idea if this is even possible, let alone how to achieve it.
Just figured out a part of this. Since ACLs seem to apply to new entries before they are even in the database, I just need to restrict access to 'attrs=entry' to the group manager. Since 'UDBgrpAdmin' is a single-valued attribute, there can be no other value than the DN of the creator.
But that still doesn't prevent non-creator DNs in the 'member' attribute...
Updated ACLs:
http://openldap.pastebin.com/VCxM7YzL
Regards, Christian Manal