[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: ACL group.regex in 2.1.22

> At 06:59 PM 10/14/2003, Ace Suares wrote:
> >Please, could anyone using 2.1.22 and using groups in the 'who' clause,
> > send me an output of ACL processing (loglevel 128) ? And also send me the
> > ACL's themselves ?
>
> Note that test006-acls uses ACL groups....
>
> Kurt

Thanks, that was really helpfull. I run a precompiled .rpm and running this 
test was not trivial - but I got the test to run and it worked.

And then I changed (in data/slapd-acl.conf) the following line:

by group.exact="cn=ITD Staff,ou=Groups,o=University of Michigan,c=US" write

into

by group.regex="cn=.*,ou=Groups,o=University of Michigan,c=US" write

and it STOPPED working !

The ACL was not to be found in the log files (with loglevel = 128)
whereas with the 'exact' version, you can find:

Backend ACL: access to filter=(objectClass=groupOfNames)
        by group=cn=itd staff,ou=groups,o=university of michigan,c=us 
objectClass: 2.5.6.9 attributeType: member write(=wrscx)
=> bdb_group: found group: "cn=itd staff,ou=groups,o=university of 
michigan,c=us"
<= bdb_group: found objectClass groupOfNames and member
<= bdb_group: "cn=james a jones 1,ou=alumni association,ou=people,o=university 
of michigan,c=us" not in "cn=itd staff,ou=groups,o=university of 
michigan,c=us": member
=> bdb_group: found group: "cn=itd staff,ou=groups,o=university of 
michigan,c=us"
<= bdb_group: found objectClass groupOfNames and member
<= bdb_group: "cn=bjorn jensen,ou=information technology 
division,ou=people,o=university of michigan,c=us" is in "cn=itd 
staff,ou=groups,o=university of michigan,c=us": member

QED ?

_Ace




-- 
Ace Suares' Internet Consultancy
NIEUW ADRES: Postbus 2599, 4800 CN Breda
telefoon: 06-244 33 608
fax en voicemail: 0848-707 705
website: http://www.suares.nl * http://www.qwikzite.nl