
RE: ACL and groupOfUniqueNames (ITS#2227)



Sorry, the log I delivered was not correct. The debug info is supposed to look
like

>>>>
Using ACLs with group/groupOfUniqueNames/uniqueMember=...
does not work. If I use the group=... directive it works.
Debugging indicates that the uniqueMember value is not recognized:

=> bdb_group: found group: "cn=admin,o=operators"
<= bdb_group: found objectClass groupOfUniqueNames and uniqueMember
<= bdb_group: "cn=write-operator,o=operators" not in "cn=admin,o=operators": uniqueMember
<<<<

To answer your question, I am 100 % sure that the data is correct. My ACLs
always worked with any 2.0.x release. I never tested it with 2.1.x before
2.1.8.
I retested the whole scenario with 2.1.9, but it still does not work.

Keep in mind that it works if I use the objectclass groupOfNames.

-----Original Message-----
From: Howard Chu [mailto:openldap-its@OpenLDAP.org]
Sent: Tuesday, December 10, 2002 3:45 PM
To: rnappert@juniper.net
Subject: Re: ACL and groupOfUniqueNames (ITS#2227)


Are you sure your database entries are correct? Where did it get the DN
"cn=admin,o=operators,o=umc" if it was looking for the group
"cn=admin,o=operators"?

>>>>
Using ACLs with group/groupOfUniqueNames/uniqueMember=...
does not work. If I use the group=... directive it works.
Debugging indicates that the uniqueMember value is not recognized:

=> bdb_group: found group: "cn=admin,o=operators"
<= bdb_group: found objectClass groupOfUniqueNames and uniqueMember
<= bdb_group: "cn=write-operator,o=operators" not in "cn=admin,o=operators,o=umc": uniqueMember
<<<<