Group permissions don't seem to work
Hi,
I'm having a very difficult time setting up group permissions in my
directory. I've read http://www.openldap.org/faq/data/cache/52.html in
the Faq-O-Matic, but am still not making progress.
I have the following environment:
+o=regence
+-ou=Groups,o=regence
+-ou=People,o=regence
ldif of the group in question:
dn: cn=UserAdmin, ou=Groups, o=regence
description: User Admin Group
objectclass: top
objectclass: groupofNames
member: uid=rrfadler, ou=People, o=regence
cn: UserAdmin
access control statement in slapd.conf:
access to *
    by group="cn=UserAdmin,ou=Groups,o=regence" write
    by self write
    by * read
I've verified via 'slapd -d 255' that I am binding as
'UID=RRFADLER,OU=PEOPLE,O=REGENCE'.
In looking at the debug output I see the following strings:
=> ldbm_back_group: found group: "CN=USERADMIN,OU=GROUPS,O=REGENCE"
<= ldbm_back_group: found objectClass and member
<= ldbm_back_group: "UID=RRFADLER,OU=PEOPLE,O=REGENCE" not in
"CN=USERADMIN,OU=GROUPS,O=REGENCE": member
Does anybody have any ideas?
--
Rick Fadler
rfadler@keystroke.com
206-576-4579