--- Begin Message ---
Probably it's a problem with the spaces in your member attributes or so...
When I set up an entry I never use spaces for the dn, etc.; that helps with a
lot of problems.
Koen Bosmans
Rick Fadler wrote:
> Hi,
>
> I'm having a very difficult time setting up group permissions in my
> directory. I've read http://www.openldap.org/faq/data/cache/52.html in
> the Faq-O-Matic, but am still not making progress.
>
> I have the following environment:
>
> +o=regence
> +-ou=Groups,o=regence
> +-ou=People,o=regence
>
> ldif of the group in question:
>
> dn: cn=UserAdmin, ou=Groups, o=regence
> description: User Admin Group
> objectclass: top
> objectclass: groupofNames
> member: uid=rrfadler, ou=People, o=regence
> cn: UserAdmin
>
> access control statement in slapd.conf:
>
> access to *
> by group="cn=UserAdmin,ou=Groups,o=regence" write
> by self write
> by * read
>
> I've verified via 'slapd -d 255' that I am binding as
> 'UID=RRFADLER,OU=PEOPLE,O=REGENCE'.
>
> In looking at the debug output I see the following strings:
>
> => ldbm_back_group: found group: "CN=USERADMIN,OU=GROUPS,O=REGENCE"
> <= ldbm_back_group: found objectClass and member
> <= ldbm_back_group: "UID=RRFADLER,OU=PEOPLE,O=REGENCE" not in
> "CN=USERADMIN,OU=GROUPS,O=REGENCE": member
>
> Does anybody have any ideas?
>
> --
> Rick Fadler
> rfadler@keystroke.com
> 206-576-4579
--- End Message ---
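
The check the reply suggests, as an added example that is not part of the original thread: it reads the `member` values from the group entry quoted above and compares each one to the bind DN, first keeping the spaces and then after normalising both to the form shown in the debug output. It assumes the cause the reply proposes (spaces after the separators in the stored value); the function names are hypothetical, and the LDIF reader is simplified (no line folding, base64 values or quoted DN values).

```python
# Constructed sample: the group entry and bind DN quoted in the message.
GROUP_LDIF = """\
dn: cn=UserAdmin, ou=Groups, o=regence
objectclass: groupofNames
member: uid=rrfadler, ou=People, o=regence
cn: UserAdmin
"""
BIND_DN = "UID=RRFADLER,OU=PEOPLE,O=REGENCE"


def split_rdns(dn):
    """Split a DN on ',' or ';', honouring backslash escapes."""
    parts, cur, escaped = [], [], False
    for ch in dn:
        if escaped or ch == "\\":
            cur.append(ch)
            escaped = not escaped
        elif ch in ",;":
            parts.append("".join(cur))
            cur = []
        else:
            cur.append(ch)
    parts.append("".join(cur))
    return parts


def normalize_dn(dn):
    """Upper-case and drop spaces around separators, as in the debug log."""
    rdns = []
    for rdn in split_rdns(dn):
        attr, _, value = rdn.partition("=")
        rdns.append(f"{attr.strip().upper()}={value.strip().upper()}")
    return ",".join(rdns)


def audit_members(ldif, bind_dn):
    """Report, per member value, whether it matches the bind DN and how."""
    report = []
    for line in ldif.splitlines():
        name, sep, value = line.partition(":")
        if not sep or name.strip().lower() != "member":
            continue
        member = value.strip()
        report.append({
            "member": member,
            # Case-insensitive comparison that keeps the spaces as stored.
            "exact": member.upper() == bind_dn.upper(),
            "normalized": normalize_dn(member) == normalize_dn(bind_dn),
            # Space-free form to store instead, original case preserved.
            "suggested": ",".join(p.strip() for p in split_rdns(member)),
        })
    return report
```

A member whose `exact` result is false while `normalized` is true differs from the bind DN only in spacing, and `suggested` is the value to store in its place.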