Re: access control 'set=' problem (ITS#3140)
> Hello,
>
> This is working if the group "cn=admins,o=myorg,c=fr" contains the users
> who are allowed to bind. In my case, this group contains another group
> which contains the allowed users (and possibly other groups).
>
> In fact, the set="[cn=admins,o=myorg,c=fr]/member* & user" syntax
> performs a recursive check of all members from groups and sub-groups.
> Maybe there is another way to perform such a recursive check?
>
> So with your access control and my example ldif, the user
> "cn=toto,ou=people,o=myorg,c=fr" is not allowed to write in the
> directory, whereas he can with the "set=" directive. The problem is that
> an unbind search crashes with openldap 2.2.x with this access control.
>
> Thanks for your time,
OK, I need to study sets a bit more. Unless the problem is easily
reproducible (I don't have time to check right now), a stack backtrace
might help. Please follow the guidelines at
http://www.openldap.org/faq/data/cache/56.html
about providing a stack backtrace and appropriate logs.
p.
--
Pierangelo Masarati
mailto:pierangelo.masarati@sys-net.it
SysNet - via Dossi,8 27100 Pavia Tel: +390382573859 Fax: +390382476497
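
The difference discussed in this thread between a one-level membership check and the recursive `[cn=admins,o=myorg,c=fr]/member* & user` set, as an added Python model that is not part of the original messages and is not slapd's code. The intermediate group, the second user, the cycle and the simplified DN normalization are constructed for illustration, and treating an anonymous request as an empty `user` set is an assumption of the model.

```python
# Constructed sample directory: DN -> values of its "member" attribute.
# Only the admins group DN and the toto user DN come from the thread;
# the intermediate group and the second user are hypothetical.
DIRECTORY = {
    "cn=admins,o=myorg,c=fr": ["cn=subadmins,o=myorg,c=fr"],
    "cn=subadmins,o=myorg,c=fr": [
        "cn=toto,ou=people,o=myorg,c=fr",
        "cn=admins,o=myorg,c=fr",  # deliberate cycle back to the parent group
    ],
    "cn=toto,ou=people,o=myorg,c=fr": [],
    "cn=titi,ou=people,o=myorg,c=fr": [],
}


def normalize(dn):
    """Simplified DN normalization: case-fold and strip spaces around RDNs."""
    return ",".join(part.strip().lower() for part in dn.split(","))


def members_of(directory, dn):
    """Normalized 'member' values of one entry (empty set if none or unknown)."""
    index = {normalize(k): v for k, v in directory.items()}
    return {normalize(m) for m in index.get(normalize(dn), [])}


def recursive_members(directory, group_dn):
    """Model of [group]/member*: follow 'member' transitively."""
    seen, stack = set(), [group_dn]
    while stack:
        for member in members_of(directory, stack.pop()):
            if member not in seen:  # visited set makes cyclic groups terminate
                seen.add(member)
                stack.append(member)
    return seen


def set_allows(directory, group_dn, user_dn):
    """Model of '[group]/member* & user': a non-empty intersection grants."""
    if not user_dn:  # assumption: anonymous request, 'user' is the empty set
        return False
    return normalize(user_dn) in recursive_members(directory, group_dn)


def direct_allows(directory, group_dn, user_dn):
    """One-level check: the user must be listed on the group entry itself."""
    return bool(user_dn) and normalize(user_dn) in members_of(directory, group_dn)
```
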