
Re: ACL's using group access do not work (ITS#2118)

--On Monday, October 07, 2002 3:31 PM -0700 "Kurt D. Zeilenga" 
<Kurt@OpenLDAP.org> wrote:

> At 03:12 PM 2002-10-07, Quanah Gibson-Mount wrote:
>> I haven't heard anything back on this from you in a bit, but I've got
>> more exciting debugging pieces of information. ;)
> Been busy... you just gave what I was just about to ask for...
> the schema definition for suRegID.
>> So (see output below),
>> When it is going through looking at whether or not suRegID is a member
>> of the group supervisor, it is doing an OID validate? Why?
> Because you defined values of the attribute to be OIDs.
>> Should it care about the OID of suRegID?
> It cares about values of attribute.
>> Also, the "oid" it is validating appears to be my suRegID number.
> Yeap, is OID.
>> Is this then a problem with the schema definition of suRegID?
>> attributetype ( NAME ( 'suRegID' )
>>        EQUALITY objectIdentifierMatch
> This explains the DN normalization failure.  Basically
> you are trying to compare two invalid values.  The
> comparison where the assertion and/or stored value is
> invalid is Undefined and this results in False match.
> You likely should define this to be some IA5 string with
> case ignore (IA5) matching.


Thanks, that fixed it.  I'm going to have a nice, long chat with the person 
writing our schema when they get back from vacation in Fiji next week.


Quanah Gibson-Mount
Senior Systems Administrator
ITSS/TSS/Computing Systems
Stanford University
GnuPG Public Key: http://www.stanford.edu/~quanah/pgp.html
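
The failure discussed in this thread, as an added example that is not part of the original message and is not OpenLDAP's code: a simplified Python model of a matching rule that yields Undefined when a value does not fit the attribute's syntax, and of a group check that only grants on a definite match. The function names and the sample IDs are assumptions constructed for illustration; the validity patterns follow the RFC 4512 grammar for numericoid and descr.

```python
import re

# RFC 4512: numericoid = number 1*( "." number ); descr = ALPHA *( ALPHA / DIGIT / "-" )
NUMERICOID = re.compile(r"(0|[1-9][0-9]*)(\.(0|[1-9][0-9]*))+")
DESCR = re.compile(r"[A-Za-z][A-Za-z0-9-]*")


def is_valid_oid(value):
    """True if value fits the OID syntax (numericoid or descr)."""
    return bool(NUMERICOID.fullmatch(value) or DESCR.fullmatch(value))


def is_valid_ia5(value):
    """True if every character is 7-bit (IA5)."""
    return all(ord(ch) < 128 for ch in value)


def object_identifier_match(assertion, stored):
    """True/False, or None (Undefined) when either value is not a valid OID.
    Simplification: valid values are compared as plain strings."""
    if not (is_valid_oid(assertion) and is_valid_oid(stored)):
        return None
    return assertion == stored


def case_ignore_ia5_match(assertion, stored):
    """True/False, or None (Undefined) when either value is not IA5.
    Simplification: no handling of insignificant spaces."""
    if not (is_valid_ia5(assertion) and is_valid_ia5(stored)):
        return None
    return assertion.lower() == stored.lower()


def group_grants(match, requester_id, member_ids):
    """Group-style ACL check: Undefined counts the same as False."""
    return any(match(requester_id, m) is True for m in member_ids)


# Constructed sample data: bare numeric registry IDs, not real values.
SUPERVISORS = ["100234", "100777"]
REQUESTER = "100777"

if __name__ == "__main__":
    for name, rule in [("objectIdentifierMatch", object_identifier_match),
                       ("caseIgnoreIA5Match", case_ignore_ia5_match)]:
        print(name, [rule(REQUESTER, m) for m in SUPERVISORS],
              "granted:", group_grants(rule, REQUESTER, SUPERVISORS))
```

With the OID rule the requester is a listed member yet is never granted access, because a bare number has no dot and is not a valid numericoid; with the IA5 rule the same data matches.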