
Re: ACL using netgroups



Hi Dieter,

Hello Dieter,
thanks for your reply.
I tried as you suggested:

by dn="cn=ldapauth,dc=example,dc=com" \
group/nisNetgroup/nisNetgroupTriple=cn=linuxa,ou=netgroup,dc=example,dc=com
read

Unfortunately it does not work:
>>
>> [...]

If that matters, I am using openldap 2.2.13.

> Ah your historic version might be a problem. I can't remember, in
> which version the group expansion has been implemented.
> My slapd.access(5) OpenLDAP-2.3.27 states
> THE <WHO> FIELD
>
> [...]
> It can have the forms
>
> [ other forms deleted ]
> group[/<objectclass>[/<attrname>]]

Actually I have the same syntax available in my slapd.access:

<who> ::= [ * | anonymous | users | self | dn[.<dnstyle>]=<DN> ]
        [dnattr=<attrname>]
        [group[/<objectclass>[/<attrname>]][.<style>]=<group>]
        [peername[.<peernamestyle>]=<peer>] [sockname[.<style>]=<name>]
        [domain[.<domainstyle>]=<domain>] [sockurl[.<style>]=<url>]

So probably the error is somewhere else. I report it again for the list (sorry, I replied to Dieter only instead of the list the first time):

Checking configuration files for slurpd: /etc/openldap/userauth.acl: line 82: group "cn=linuxa,ou=netgroup,dc=example,dc=com": inappropriate syntax: 1.3.6.1.1.1.0.0
<access clause> ::= access to <what> [ by <who> <access> [ <control> ] ]+
(...)


Any hints?
Thanks again

Claudio