[Date Prev][Date Next] [Chronological] [Thread] [Top]

RE: ACL and groupOfUniqueNames (ITS#2227)

To: openldap-its@OpenLDAP.org
Subject: RE: ACL and groupOfUniqueNames (ITS#2227)
From: hyc@highlandsun.com
Date: Wed, 11 Dec 2002 00:34:33 GMT

This problem has now been fixed in the CVS HEAD.

  -- Howard Chu
  Chief Architect, Symas Corp.       Director, Highland Sun
  http://www.symas.com               http://highlandsun.com/hyc
  Symas: Premier OpenSource Development and Support 

> -----Original Message-----
> From: owner-openldap-bugs@OpenLDAP.org
> [mailto:owner-openldap-bugs@OpenLDAP.org]On Behalf Of
> RNappert@juniper.net
> Sent: Tuesday, December 10, 2002 12:59 PM
> To: openldap-its@OpenLDAP.org
> Subject: RE: ACL and groupOfUniqueNames (ITS#2227)
> 
> 
> Sorry, the log, I delivered was not correct. The debug info 
> supposed to look
> like 
> 
> >>>>
> Using ACLs with group/groupOfUniqueNames/uniqueMember=...
> does not work. If I use the group=... directive it works.
> Debugging indicates, that the uniqueMember value is not recognized:
> 
> => bdb_group: found group: "cn=admin,o=operators"
> <= bdb_group: found objectClass groupOfUniqueNames and uniqueMember
> <= bdb_group: "cn=write-operator,o=operators" not in 
> "cn=admin,o=operato
> rs": uniqueMember
> <<<<
> 
> To answer your question, I am 100 % sure that the data is 
> correct. My ACLs
> always worked with any 2.0.x release. I never tested it with 
> 2.1.x before
> 2.1.8.
> I retested the whole scenario with 2.1.9, but it still does not work.
> 
> Keep in mind that it work, if I use the objectclass groupOfNames.
> 
> -----Original Message-----
> From: Howard Chu [mailto:openldap-its@OpenLDAP.org]
> Sent: Tuesday, December 10, 2002 3:45 PM
> To: rnappert@juniper.net
> Subject: Re: ACL and groupOfUniqueNames (ITS#2227)
> 
> 
> Are you sure your database entries are correct? Where did it 
> get the DN
> "cn=admin,o=operators,o=umc" if it was looking for the group
>  "cn=admin,o=operators" ?
> 
> >>>>
> Using ACLs with group/groupOfUniqueNames/uniqueMember=...
> does not work. If I use the group=... directive it works.
> Debugging indicates, that the uniqueMember value is not recognized:
> 
> => bdb_group: found group: "cn=admin,o=operators"
> <= bdb_group: found objectClass groupOfUniqueNames and uniqueMember
> <= bdb_group: "cn=write-operator,o=operators" not in 
> "cn=admin,o=operato
> rs,o=umc": uniqueMember
> <<<<
> 
>

Prev by Date: Re: ITS#2182 IDL cache
Next by Date: ITS#2062
Index(es):
- Chronological
- Thread