Group permissions don't seem to work


I'm having a very difficult time setting up group permissions in my
directory. I've read http://www.openldap.org/faq/data/cache/52.html in
the Faq-O-Matic, but am still not making progress.

I have the following environment:


LDIF of the group in question:

dn: cn=UserAdmin, ou=Groups, o=regence
description: User Admin Group
objectclass: top
objectclass: groupofNames
member: uid=rrfadler, ou=People, o=regence
cn: UserAdmin

Access control statement in slapd.conf:

access to *
    by group="cn=UserAdmin,ou=Groups,o=regence" write
    by self write
    by * read

I've verified via 'slapd -d 255' that I am binding as

In looking at the debug output I see the following strings:

=> ldbm_back_group: found group: "CN=USERADMIN,OU=GROUPS,O=REGENCE"
<= ldbm_back_group: found objectClass and member
<= ldbm_back_group: "UID=RRFADLER,OU=PEOPLE,O=REGENCE" not in

Does anybody have any ideas?

Rick Fadler