[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: Continued: Security question. (fwd)

To: Cliff Friedel <cliff@wrkcs.net>
Subject: Re: Continued: Security question. (fwd)
From: "Kurt D. Zeilenga" <Kurt@OpenLDAP.org>
Date: Fri, 30 Jun 2000 14:00:48 -0700
Cc: blair christensen <blair@bsd.uchicago.edu>, openldap-software@OpenLDAP.org
In-reply-to: <Pine.LNX.4.21.0006301634460.4373-100000@nfsclient1.wrkcs.n et>
References: <20000630090143.B17411@bsd.uchicago.edu>

ACL groups default to groupOfNames/member.  You can
also use groupOfUniqueNames/uniqueMember.

Using posixgroup/memberuid makes little sense as memberuid
is not of DN syntax.

At 04:40 PM 6/30/00 -0400, Cliff Friedel wrote:
>On Fri, 30 Jun 2000, blair christensen wrote:
>> 
>> i used the following to get group permissions to work:
>> 
>> access to <attribute>
>>         by group/posixgroup/memberuid="cn=<group name>,ou=group,<domain components>" write
>>       <snip>
>> 
>> where my groups are 'posixGroups' and the members of the groups are
>> listed in the 'memberUID' attribute.  you may want to try a similiar
>> technique.
>> 
>Ok, read RFC2037 for posixAccount and posixGroup information and am now
>totally confused (almost to the point that I am not sure whether my LDIFs
>need to be totally reconfigured to match POSIX guidelines).  Can you give
>me an example LDIF for the group and 1 member's LDIF for me to look at? I
>realize this is a lot to ask, but I have yet to find a really good
>resource to get this information from (other than this list =) ).  If you
>could help me out I would greatly appreciate it.  Thanks.
>
>Cliff

References:
- Re: Continued: Security question. (fwd)
  - From: blair christensen <blair@bsd.uchicago.edu>

Prev by Date: Re: Continued: Security question. (fwd)
Next by Date: Re: The right way to add auxiliary classes
Index(es):
- Chronological
- Thread