[Date Prev][Date Next]
(ITS#4761) error in "group" authorization parsing
Full_Name: Pierangelo Masarati
Submission from: (NULL) (18.104.22.168)
Submitted by: ando
When an authorization rule using groups, like "group:<dn>" is used, the default
member attribute "member" is erroneously set to an empy berval, resulting in an
invalid filter being used for the internal lookup to check for membership.
A workaround consists in avoiding defaults: "group/<oc>/<at>:<dn>".
"group/<oc>:<dn>" appears to work as intended, i.e. in this case the default
attribute is correctly used. A fix is coming.