RE: problem with posixGroup in ACL
> -----Original Message-----
> From: owner-openldap-software@OpenLDAP.org
> [mailto:owner-openldap-software@OpenLDAP.org]On Behalf Of Matt Richard
> Hi,
>
> I have seen this question asked before, but never saw an answer:
> http://www.openldap.org/lists/openldap-software/200303/msg00164.html
>
> I am attempting to use an LDAP group in an ACL, to permit write
> access for members of a specific group.
>
> I am using the following ACL:
>
> access to *
>     by group/posixGroup/memberUid="cn=admin,cn=groups,dc=example,dc=edu" write
>     by * read
>
> I am getting the following error when running
> /usr/local/libexec/slapd -d65535:
>
> /usr/local/etc/openldap/slapd.conf: line 58: group
> "cn=admin,cn=groups,dc=fandm,dc=edu": inappropriate syntax:
> 1.3.6.1.4.1.1466.115.121.1.26
>
> This is working in specific Apple releases of OpenLDAP for Mac OSX
> Server, but not in the OpenLDAP release 2.1.22.
>
> Can anyone help clue me in to the problem here? Is there a specific
> patch available to make this work?
An ACL specifier must have DistinguishedName syntax. memberUid uses the wrong
syntax. memberUid is obsolete; you should be using RFC2307bis and
groupOfNames/member instead of memberUid.
-- Howard Chu
Chief Architect, Symas Corp. Director, Highland Sun
http://www.symas.com http://highlandsun.com/hyc
Symas: Premier OpenSource Development and Support
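
The reply's suggestion written out as slapd.conf, as an added example that is not part of the original thread. It assumes the RFC2307bis schema is loaded (so posixGroup is auxiliary and can sit on a groupOfNames entry); the user DN uid=jdoe,ou=people,dc=example,dc=edu is constructed for illustration.

```conf
# Rejected form from the question: memberUid holds bare login names
# (IA5String syntax, 1.3.6.1.4.1.1466.115.121.1.26), not DNs, so slapd
# cannot use it as the member attribute of a group clause.
#
#   access to *
#       by group/posixGroup/memberUid="cn=admin,cn=groups,dc=example,dc=edu" write
#       by * read

# Form the reply points to: the member attribute has DN syntax, so the
# bind DN can be compared against its values directly.
access to *
    by group/groupOfNames/member="cn=admin,cn=groups,dc=example,dc=edu" write
    by * read

# The group entry the clause refers to then needs to look like this
# (shown as comments because it belongs in the directory, not in slapd.conf):
#
#   dn: cn=admin,cn=groups,dc=example,dc=edu
#   objectClass: groupOfNames
#   objectClass: posixGroup
#   cn: admin
#   gidNumber: 5000
#   member: uid=jdoe,ou=people,dc=example,dc=edu
#
# gidNumber 5000 and the member DN are constructed values. Write access
# is granted only to binds whose DN matches a member value exactly, so
# the membership list of this entry is itself write-sensitive data.
```

Because `access to *` also covers the group entry, any current member can add further members; a narrower rule for that entry placed above this one limits who can change the admin list.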