Re: slapo-dynlist desgin question(s)

[Quanah Gibson-Mount <quanah@stanford.edu>]

--On January 16, 2007 6:34:39 PM +0100 Pierangelo Masarati 
<ando@sys-net.it> wrote:

> Quanah Gibson-Mount wrote:
>
> > This patch also does not work, continuing to use the credentials of the
> > bound user.
>
>
> What operation are you performing when it gets to evaluate that filter?
> Can you describe it a little bit further?


ldapsearch -LLL -Q -h ldap-dev1 -b 
"cn=groups,cn=applications,dc=stanford,dc=edu" cn=registry-consult

Output is:

dn: cn=registry-consult,cn=groups,cn=applications,dc=stanford,dc=edu
objectClass: groupOfURLs
cn: registry-consult
memberURL: 
ldap:///cn=people,dc=stanford,dc=edu??sub?(suprivilegegroup=registr
y:consult)


(but no members).  Searching with my admin credentials, I get a full user 
list.

access to 
dn.exact="cn=registry-consult,cn=groups,cn=applications,dc=stanford,dc=edu"
       by dn.base="uid=cadabra,cn=accounts,dc=stanford,dc=edu" sasl_ssf=56 
read
       by * none


is the ACL in place (admin group comes before this acl with full read to 
everything in the tree).

--Quanah

--
Quanah Gibson-Mount
Principal Software Developer
ITS/Shared Application Services
Stanford University
GnuPG Public Key: http://www.stanford.edu/~quanah/pgp.html