[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: slapo-dynlist desgin question(s)

--On January 16, 2007 6:34:39 PM +0100 Pierangelo Masarati <ando@sys-net.it> wrote:

Quanah Gibson-Mount wrote:

This patch also does not work, continuing to use the credentials of the
bound user.

What operation are you performing when it gets to evaluate that filter?
Can you describe it a little bit further?

ldapsearch -LLL -Q -h ldap-dev1 -b "cn=groups,cn=applications,dc=stanford,dc=edu" cn=registry-consult

Output is:

dn: cn=registry-consult,cn=groups,cn=applications,dc=stanford,dc=edu
objectClass: groupOfURLs
cn: registry-consult
memberURL: ldap:///cn=people,dc=stanford,dc=edu??sub?(suprivilegegroup=registr

(but no members). Searching with my admin credentials, I get a full user list.

access to dn.exact="cn=registry-consult,cn=groups,cn=applications,dc=stanford,dc=edu"
by dn.base="uid=cadabra,cn=accounts,dc=stanford,dc=edu" sasl_ssf=56 read
by * none

is the ACL in place (admin group comes before this acl with full read to everything in the tree).


Quanah Gibson-Mount
Principal Software Developer
ITS/Shared Application Services
Stanford University
GnuPG Public Key: http://www.stanford.edu/~quanah/pgp.html