[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: ACL's using group access do not work (ITS#2118)




--On Monday, September 30, 2002 1:30 PM -0700 "Kurt D. Zeilenga" 
<Kurt@OpenLDAP.org> wrote:

> To eliminate the SASL authzid stuff from this, you try authenticating
> directly as:
> suRegID=85e49978f61311d2ae662436000baa77,cn=people,dc=stanford,dc=edu
>
> using simple authentication to see if problem is with
> the group code or the authzid code.  Also, modifying
> bdb_group() to print both the DN and the normalized
> DN of the operation may be useful.
>
> I've tried unsuccessfully to duplicate this problem by
> hacking on test007-acls.

Kurt,

Continuing to hack on the group & value code.  As a side note, I did add

access to *
	by dn="suregid=<blah blah>" read

and I can make a sasl/GSSAPI connection & am given read access, so as long 
as it isn't the group code, it works correctly.

--Quanah

--
Quanah Gibson-Mount
Senior Systems Administrator
ITSS/TSS/Computing Systems
Stanford University
GnuPG Public Key: http://www.stanford.edu/~quanah/pgp.html