On 6/8/23 18:13, Howard Chu wrote:
Just use by group=cn=foo,... write
Thanks for the response.
I tried to use group=... and group.exact=... without success. The Administrator's Guide [1] says that group=... assumes that the objectClass is "groupOfNames", and if I use another objectClass, I should use: by group/<objectclass>/<attributename>=<DN> <access>
However, this method seems not to work with the objectClass "groupOfURLs". When I try to change the olcAccess policy, I get the error: ldap_modify: Other (e.g., implementation specific) error (80) additional info: <olcAccess> handler exited with 1
For further context, I wanted to use set=... because my goal is to create a rule which says: If a user wants to access his own attribute "X" and is in the group "test", he only has read access to it. For that, I would have created a rule like this: by set="this & [cn=test,ou=System,dc=example,dc=local]/member & user" read
Regards, Souji Thenria