No, I have separated groups like:
dn: cn=IT,ou=Groups,dc=bca,dc=edu,dc=gr
cn: IT
objectClass: groupOfUniqueNames
uniqueMember: cn=Some Name1,ou=Users,dc=mydomain,dc=edu,dc=com
uniqueMember: cn=Some Name2,ou=Users,dc=mydomain,dc=edu,dc=com
and all users under ou=Users,dc=mydomain,dc=edu,dc=com
Thanks
2008/8/14 Gavin Henry <ghenry(a)openldap.org>:
Stelios A. wrote:
>
> Hello,
>
> I have a group called IT and another one called LDAP Admins. There are
> 5 users under IT and 2 under LDAP Admins.
> I'm looking for an acl where members of IT (groupOfUniqueNames) can
> modify/write anywhere under ou=Users.... apart from those users under
> the LDAP Admins group.
> Can anyone give me some help with this, please?
>
> I've found only how to give access to IT group but not how to exclude
> LDAP Admins (2 in total) where those 2 exist also under IT group.
>
> Any ideas?
Your DIT sounds a bit messy. Do you have groups under ou=Users?
What is your design?
BTW, man slapd.access
--
Kind Regards,
Gavin Henry.
OpenLDAP Engineering Team.
E ghenry(a)OpenLDAP.org
Community developed LDAP software.
http://www.openldap.org/project/
--
Stelios A