
Re: [Fwd: Group permissions don't seem to work]



I thought this bug would have been fixed. I fixed it in my copy of an older
revision. The "problem" is that the attributes of the group being used for
acl testing are not treated as the DN's that they are. They are treated as
cis. This in my way of thinking is totally incorrect given that a group is
always a list of dn's and nothing else. I don't understand how it could have
been coded otherwise.

This also affects the way the regex evaluation works within the acls. Have
these been fixed for case sensitivity, or are we still supposed to be regex
experts to use this facility?

Cheers, no offense intended,
   Gerrit Thomson.


Rick Fadler wrote:

> For all of you that asked me to forward the solution, it's attached.
>
> I removed all the spaces from every dn: etc, in my database and the
> group permissions now work correctly.
>
> --
> Rick Fadler
> rfadler@keystroke.com
> 206-576-4579
>
>   ------------------------------------------------------------------------
>
> Subject: Re: Group permissions don't seem to work
> Date: Wed, 19 Apr 2000 09:21:14 +0200
> From: Koen Bosmans <kbo@elex.be>
> Organization: Elex NV
> To: Rick Fadler <rfadler@keystrokenet.com>
> References: <38FC9F89.99F0AF43@keystrokenet.com>
>
> Probably it's a problem with the spaces in your member attributes or so...
>
> When I set up an entry I never use spaces for dn, etc.; that helps with a
> lot of problems.
>
> Koen Bosmans
>
> Rick Fadler wrote:
>
> > Hi,
> >
> > I'm having a very difficult time setting up group permissions in my
> > directory. I've read http://www.openldap.org/faq/data/cache/52.html in
> > the Faq-O-Matic, but am still not making progress.
> >
> > I have the following environment:
> >
> > +o=regence
> > +-ou=Groups,o=regence
> > +-ou=People,o=regence
> >
> > ldif of the group in question:
> >
> > dn: cn=UserAdmin, ou=Groups, o=regence
> > description: User Admin Group
> > objectclass: top
> > objectclass: groupofNames
> > member: uid=rrfadler, ou=People, o=regence
> > cn: UserAdmin
> >
> > access control statement in slapd.conf:
> >
> > access to *
> >     by group="cn=UserAdmin,ou=Groups,o=regence" write
> >     by self write
> >     by * read
> >
> > I've verified via 'slapd -d 255' that I am binding as
> > 'UID=RRFADLER,OU=PEOPLE,O=REGENCE'.
> >
> > In looking at the debug output I see the following strings:
> >
> > => ldbm_back_group: found group: "CN=USERADMIN,OU=GROUPS,O=REGENCE"
> > <= ldbm_back_group: found objectClass and member
> > <= ldbm_back_group: "UID=RRFADLER,OU=PEOPLE,O=REGENCE" not in
> > "CN=USERADMIN,OU=GROUPS,O=REGENCE": member
> >
> > Does anybody have any ideas?
> >
> > --
> > Rick Fadler
> > rfadler@keystroke.com
> > 206-576-4579
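
An added example, not part of the original thread and not OpenLDAP's code: it reproduces the mismatch in the debug output above by comparing the stored member value with the bound DN first as a case-ignore string and then as a DN, and lists member values that would need cleaning up. The normalization is a simplified assumption (all values treated as case-insensitive, no multi-valued RDNs or quoted values), and the helper names are hypothetical.

```python
import re

# Constructed sample taken from the LDIF and debug output quoted in the thread.
BOUND_DN = "UID=RRFADLER,OU=PEOPLE,O=REGENCE"
GROUP_LDIF = """\
dn: cn=UserAdmin, ou=Groups, o=regence
objectclass: groupofNames
member: uid=rrfadler, ou=People, o=regence
cn: UserAdmin
"""

def split_rdns(dn):
    """Split a DN on unescaped commas (backslash escapes are honoured)."""
    return re.split(r"(?<!\\),", dn)

def normalize_dn(dn):
    """Simplified DN normalization: trim space around ',' and '=', fold case.
    Assumption: every attribute value is case-insensitive; multi-valued
    RDNs ('+') and quoted values are not handled."""
    parts = []
    for rdn in split_rdns(dn):
        attr, sep, value = rdn.partition("=")
        if not sep:
            raise ValueError(f"malformed RDN: {rdn!r}")
        parts.append(f"{attr.strip().upper()}={value.strip().upper()}")
    return ",".join(parts)

def cis_match(a, b):
    """Case-ignore string comparison: case is folded, spaces still count."""
    return a.upper() == b.upper()

def dn_match(a, b):
    """DN-aware comparison: both sides normalized before comparing."""
    return normalize_dn(a) == normalize_dn(b)

def members(ldif):
    """Return the member values of a single LDIF entry."""
    return [line.split(":", 1)[1].strip()
            for line in ldif.splitlines() if line.lower().startswith("member:")]

def unnormalized_members(ldif):
    """Audit helper: members whose stored form differs from the normalized
    form by more than case, i.e. values a string compare would miss."""
    return [m for m in members(ldif) if m.upper() != normalize_dn(m)]

if __name__ == "__main__":
    for m in members(GROUP_LDIF):
        print(m, "cis:", cis_match(m, BOUND_DN), "dn:", dn_match(m, BOUND_DN))
    print("needs cleanup:", unnormalized_members(GROUP_LDIF))
```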