i tried this cool solution (https://wiki.univention.de/index.php/Cool_Solution_-_Custom_LDAP_ACLs) and enabled the cool solution repo but as it seems the package univention-custom-ldap-acls is not available for 4.4.
I am not sure if i can achive my goal with that (even if it exist).
I want to create new users via REST-API and creating new groups als also editing existing groups. I would be totaly fine to restrict the access to cn=foobar,dc=foo,dc=bar so that the user “foobar” which is part of the group UDM API USERS can only work on these specific cns, because if not i am afraid that a new domain admin can be raised via this method.
Do you have any recommendations on a 4.4 system to archive this goal?