[Date Prev][Date Next]
Re: ACL's using group access do not work (ITS#2118)
--On Monday, October 07, 2002 3:31 PM -0700 "Kurt D. Zeilenga"
> At 03:12 PM 2002-10-07, Quanah Gibson-Mount wrote:
>> I haven't heard anything back on this from you in a bit, but I've got
>> more exciting debugging pieces of information. ;)
> Been busy... you just gave what I was just about to ask for...
> the schema definition for suRegID.
>> So (see output below),
>> When it is going through looking at whether or not suRegID is a member
>> of the group supervisor, it is doing an OID validate? Why?
> Because you defined values of the attribute to be OIDs.
>> Should it care about the OID of suRegID?
> It cares about values of attribute.
>> Also, the "oid" it is validating appears to be my suRegID number.
> Yeap, 22.214.171.124.4.1.14126.96.36.199.38 is OID.
>> Is this then a problem with the schema definition of suRegID?
>> attributetype ( 188.8.131.52.4.1.2184.108.40.206 NAME ( 'suRegID' )
>> EQUALITY objectIdentifierMatch
>> SYNTAX 220.127.116.11.4.1.1418.104.22.168.38 SINGLE-VALUE)
> This explains the DN normalization failure. Basically
> you are trying to compare two invalid values. The
> comparison where the assertion and/or stored value is
> invalid is Undefined and this results in False match.
> You likely should define this to be some IA5 string with
> case ignore (IA5) matching.
Thanks, that fixed it. I'm going to have a nice, long chat with the person
writing our schema when they get back from vacation in Fiji next week.
Senior Systems Administrator
GnuPG Public Key: http://www.stanford.edu/~quanah/pgp.html