dynlist groups not usable in ACLs?
- To: openldap-technical@openldap.org
- Subject: dynlist groups not usable in ACLs?
- From: DRVTiny <mudraia@list.ru>
- Date: Mon, 24 Feb 2014 14:14:56 +0400
- User-agent: Mozilla/5.0 (X11; Linux x86_64; rv:24.0) Gecko/20100101 Thunderbird/24.2.0
OpenLDAP 2.4.39, amd64, Debian 7
When I use the group with only static members in a "by
group/groupOfNames/member" clause, everything works perfectly.
But when I try to use dynamic members in a 1:1 identical group
in the ACL definition, it doesn't work at all, and in the slapd debug output I see:
---
530b1a22 dnMatch -40
"dc=ru"
"uid=konovalov-aa,ou=people,dc=svc,dc=ot,dc=ru"
---
where "dc=ru" is one static member of this group (all others are dynamic
members, and they are not compared to
"uid=konovalov-aa,ou=people,dc=svc,dc=ot,dc=ru" at all).
It is very strange behavior, because the official documentation says that:
---
Dynamic Groups are also supported in Access Control. Please see
slapo-dynlist(5) and the Dynamic Lists overlay section.
---
Any comments? Can I use dynlist'ed groups in an OpenLDAP ACL?