
Re: DynList + posixGroup and permission to Dir



> Hi,
>
> I have a problem with OpenLDAP and file permissions.
>
> ---
> First - I set this in my slapd.conf:
>
> overlay         dynlist
> dynlist-attrset labeledURIObject labeledURI
>
> ---
> Second - I made cn=test,ou=Projects,dc=example,dc=com with:
>
> dn: cn=test,ou=Projects,dc=example,dc=com
> gidNumber: 6789
> objectClass: posixGroup
> objectClass: top
> objectClass: labeledURIObject
> labeledURI: ldap:///cn=testgroup,ou=Groups,dc=example,dc=com?memberUid?sub?(objectClass=posixGroup)
> memberUid: user1 (dynamic)
> memberUid: user2 (dynamic)
>
> In cn=testgroup,ou=Groups,dc=example,dc=com I have memberUid: user1 and
> memberUid: user2
>
> ---
> Third - when I ran getent group test I got:
>
> test:*:6789:user1,user2
>
> But when I try id user1 I don't see this group :(
>
> And next I set chmod 770 dir and chown root.test dir and tried to access
> this dir.
>
> But of course it is not possible because the user is not in this group
> (as "id" said).
>
> Does somebody know the solution? I have spent a lot of hours and I can't
> find the problem.

slapo-dynlist(5) only allows direct membership, not reverse.  Read the man
page: when an entry with a specific objectClass is being returned, URL
expansion may take place.  So if you *search* with a dynamic member in the
filter, nothing is returned.  What you are trying to accomplish cannot be
obtained using slapo-dynlist(5).  You probably need to use slapo-autogroup
(in contrib/slapd-modules/).

p.
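
A simplified model of the behaviour described in the reply, added here as an illustration (Python, not slapd or dynlist code): the search filter is evaluated against stored attributes, and URL expansion happens only on entries that are being returned. The helper names, the testgroup gidNumber and the `memberUid` filter used for the `id` lookup are assumptions.

```python
# Simplified model of the behaviour described in the reply; not slapd code.
# Constructed sample data: stored attributes only (testgroup's gidNumber is made up).
DIRECTORY = {
    "cn=testgroup,ou=Groups,dc=example,dc=com": {
        "objectClass": ["posixGroup"], "cn": ["testgroup"],
        "gidNumber": ["1234"], "memberUid": ["user1", "user2"],
    },
    "cn=test,ou=Projects,dc=example,dc=com": {
        "objectClass": ["posixGroup", "top", "labeledURIObject"],
        "cn": ["test"], "gidNumber": ["6789"],
        "labeledURI": ["ldap:///cn=testgroup,ou=Groups,dc=example,dc=com"
                       "?memberUid?sub?(objectClass=posixGroup)"],
    },
}

def matches(attrs, assertions):
    """AND of equality assertions, evaluated on the stored attributes only."""
    return all(v.lower() in [x.lower() for x in attrs.get(a, [])]
               for a, v in assertions)

def expand(attrs):
    """dynlist-style URL expansion, applied to an entry about to be returned."""
    out = {k: list(v) for k, v in attrs.items()}
    if "labeledURIObject" not in attrs.get("objectClass", []):
        return out
    for url in attrs.get("labeledURI", []):
        base, attr, _scope, flt = url[len("ldap:///"):].split("?")
        a, v = flt.strip("()").split("=", 1)   # handles only a single (attr=value)
        for dn, entry in DIRECTORY.items():
            if dn.lower().endswith(base.lower()) and matches(entry, [(a, v)]):
                out.setdefault(attr, []).extend(entry.get(attr, []))
    return out

def search(assertions):
    """Filter first, expand afterwards: the order the reply describes."""
    return {dn: expand(e) for dn, e in DIRECTORY.items() if matches(e, assertions)}

def group_by_name(name):
    """Lookup by group name, as `getent group <name>` needs."""
    return search([("objectClass", "posixGroup"), ("cn", name)])

def groups_of(uid):
    """Lookup by member (assumed NSS filter on memberUid), as `id <uid>` needs."""
    hits = search([("objectClass", "posixGroup"), ("memberUid", uid)])
    return sorted(e["cn"][0] for e in hits.values())

if __name__ == "__main__":
    print(group_by_name("test"))   # entry is returned with expanded memberUid values
    print(groups_of("user1"))      # the dynamic group "test" is not among the hits
```

In this model `group_by_name("test")` returns the entry with both members, while `groups_of("user1")` finds only `testgroup`, which is the `getent` versus `id` difference reported in the question.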