Hi,
I'm trying to configure a not very complex (as I believe) ACL ... but I'm having some difficulties.
I have two posixGroup groups:
    cn=admins,ou=group,dc=foo
    cn=coadmins,ou=group,dc=foo
My users reside in ou=People,dc=foo.
So, in the subtree ou=People,dc=foo I need to allow anything to admins (and that is not difficult, of course).
For example, this works for me:
    access to dn.subtree="ou=People,dc=foo"
        by set="[cn=admin,ou=group,dc=foo]/memberUid & user/uid" manage
        by self write
        by users read
        by * break
But in addition I need to allow my coadmins to do the same things, except for manipulating the objects which belong to admins ( ...anyobject,uid=adminuser,ou=People,dc=foo ).
So, the question is: how? (if it is possible at all) :(
Please advise.