Darryl Moore wrote:
Thanks Zdenek, Going back to my books I am learning more thanks to your comment. I think I understand what you are saying, but to work I still need to be able to expand the regular expression
so even with set="cn=..../member*" it would have to be set,expand="cn.../member*". because I have to match the group. I don't have a central admin group.
from what I've seen ",expand" only works with dn. constructs. Is that right? How else can I do this?
cheers, darryl
Hello Darryl,
I'm glad I could help a bit. I'm sorry, but I was busy since yesterday (high speed winds, electricity out and too much work on repairs). My knowledge of LDAP ACLs is basic and that was the top I made it so far. I think I've seen some examples in books, but I can't find any at the moment. You might also want to check http://www.openldap.org/doc/admin24/access-control.html '#8.5. Sets - Granting rights based on relationships', but I've read it some time ago and "didn't get it too much" :( May be somebody experienced will pick up and help more.
Have a nice weekend, Zdenek