[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: ACL using netgroups

To: openldap-software@OpenLDAP.org
Subject: Re: ACL using netgroups
From: Claudio Strizzolo <Claudio.Strizzolo@ts.infn.it>
Date: Thu, 23 Nov 2006 10:14:43 +0100
User-agent: Thunderbird 1.5.0.8 (X11/20061108)

Hi Dieter,

Hello Dieter,
thanks for your reply.
I tried as you suggested:

by dn="cn=ldapauth,dc=example,dc=com" \
group/nisNetgroup/nisNetgroupTriple=cn=linuxa,ou=netgroup,dc=example,dc=com
read

Unfortunately it does not work:

>>
>> [...]

If that matters, I am using openldap 2.2.13.


> Ah your historic version might be a problem. I can't remember, in
> which version the group expansion has been implemented.
> My slapd.access(5) OpenLDAP-2.3.27 states
> THE <WHO> FIELD
>
> [...]
>     It can have the forms
>
>       [ other forms deleted ]
>            group[/<objectclass>[/<attrname>]]

Actually I have the same syntax available in my slapd.access:

<who> ::= [ * | anonymous | users | self | dn[.<dnstyle>]=<DN> ]
        [dnattr=<attrname>]
        [group[/<objectclass>[/<attrname>]][.<style>]=<group>]
        [peername[.<peernamestyle>]=<peer>] [sockname[.<style>]=<name>]
        [domain[.<domainstyle>]=<domain>] [sockurl[.<style>]=<url>]

So probably the error is somewhere else. I report it again for the list (sorry, I replied to Dieter only instead of the list the first time):

Checking configuration files for slurpd: /etc/openldap/userauth.acl: line 82: group "cn=linuxa,ou=netgroup,dc=example,dc=com": inappropriate syntax: 1.3.6.1.1.1.0.0 <access clause> ::= access to <what> [ by <who> <access> [ <control> ] ]+ (...)

Any hints?
Thanks again

Claudio

Follow-Ups:
- Re: ACL using netgroups
  - From: "Dieter Kluenter" <dieter@dkluenter.de>

Prev by Date: Re: ACL using netgroups
Next by Date: Antwort: Re: slapd + valsort using 100% CPU and causing slpad to become unresponsive
Index(es):
- Chronological
- Thread