
Re: access control 'set=' problem (ITS#3140)



> Hello,
>
> This is working if the group "cn=admins,o=myorg,c=fr" contains the users
> who are allowed to bind. In my case, this group contains another group
> which contains the allowed users (and possibly other groups).
>
> In fact, the set="[cn=admins,o=myorg,c=fr]/member* & user" syntax
> performs a recursive check of all members from groups and sub-groups.
> Is there maybe another way to perform such a recursive check?
>
> So with your access control and my example ldif, the user
> "cn=toto,ou=people,o=myorg,c=fr" is not allowed to write in the
> directory, whereas he can with the "set=" directive. The problem is that
> an unbind search crashes with openldap 2.2.x with this access control.
>
> Thanks for your time,

OK, I need to study sets a bit more.  Unless the problem is easily
reproducible (I don't have time to check right now), a stack backtrace
might help.  Please follow guidelines at

http://www.openldap.org/faq/data/cache/56.html

about providing a stack backtrace and appropriate logs.

p.

-- 
Pierangelo Masarati
mailto:pierangelo.masarati@sys-net.it




    SysNet - via Dossi,8 27100 Pavia Tel: +390382573859 Fax: +390382476497
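
The recursive membership check discussed in the quoted message, as an added example that is not part of the original thread and not OpenLDAP code: a small Python model of what set="[cn=admins,o=myorg,c=fr]/member* & user" computes, next to a direct (non-recursive) member lookup. The directory contents, the group cn=subadmins, the user cn=titi and all function names are constructed for illustration; DN comparison is simplified to lower-casing.

```python
# Simplified model of the ACL set expression  [group]/member* & user
# Constructed sample data: DN -> values of its "member" attribute.
DIRECTORY = {
    "cn=admins,o=myorg,c=fr": ["cn=subadmins,o=myorg,c=fr"],
    "cn=subadmins,o=myorg,c=fr": [
        "cn=toto,ou=people,o=myorg,c=fr",
        "cn=admins,o=myorg,c=fr",          # back-reference: a membership loop
    ],
    "cn=toto,ou=people,o=myorg,c=fr": [],
    "cn=titi,ou=people,o=myorg,c=fr": [],
}


def norm(dn):
    """Simplified DN normalisation (real DN matching is richer than this)."""
    return dn.strip().lower()


def direct_members(group_dn, directory=DIRECTORY):
    """One level only: the member values stored on the group entry itself."""
    return {norm(m) for m in directory.get(norm(group_dn), [])}


def members_closure(group_dn, directory=DIRECTORY):
    """Model of [group]/member*: keep following member until nothing new appears."""
    seen = set()
    pending = [norm(group_dn)]
    while pending:
        dn = pending.pop()
        for member in directory.get(dn, []):
            member = norm(member)
            if member not in seen:         # guard against membership loops
                seen.add(member)
                pending.append(member)
    return seen


def set_allows(group_dn, user_dn, directory=DIRECTORY):
    """Model of '& user': access matches when the intersection is non-empty."""
    return bool(members_closure(group_dn, directory) & {norm(user_dn)})


if __name__ == "__main__":
    admins = "cn=admins,o=myorg,c=fr"
    for user in ("cn=toto,ou=people,o=myorg,c=fr", "cn=titi,ou=people,o=myorg,c=fr"):
        print(user, "direct:", norm(user) in direct_members(admins),
              "recursive set:", set_allows(admins, user))
```

The loop guard matters when reviewing such rules: nested groups that reference each other would otherwise make the expansion run forever.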