[Date Prev][Date Next] [Chronological] [Thread] [Top]

(ITS#4761) error in "group" authorization parsing

Full_Name: Pierangelo Masarati
Version: HEAD,re23
OS: irrelevant
URL: ftp://ftp.openldap.org/incoming/
Submission from: (NULL) (
Submitted by: ando

When an authorization rule using groups, like "group:<dn>" is used, the default
member attribute "member" is erroneously set to an empy berval, resulting in an
invalid filter being used for the internal lookup to check for membership.

A workaround consists in avoiding defaults: "group/<oc>/<at>:<dn>". 
"group/<oc>:<dn>" appears to work as intended, i.e. in this case the default
attribute is correctly used.  A fix is coming.