
[Fwd: Group permissions don't seem to work]



For all of you that asked me to forward the solution, it's attached.

I removed all the spaces from every dn: etc, in my database and the
group permissions now work correctly.

-- 
Rick Fadler
rfadler@keystroke.com
206-576-4579
--- Begin Message ---
Probably it's a problem with the spaces in your member attributes or so...

When I set up an entry I never use spaces for dn, etc.; that helps with a lot of
problems.

Koen Bosmans


Rick Fadler wrote:

> Hi,
>
> I'm having a very difficult time setting up group permissions in my
> directory. I've read http://www.openldap.org/faq/data/cache/52.html in
> the Faq-O-Matic, but am still not making progress.
>
> I have the following environment:
>
> +o=regence
> +-ou=Groups,o=regence
> +-ou=People,o=regence
>
> ldif of the group in question:
>
> dn: cn=UserAdmin, ou=Groups, o=regence
> description: User Admin Group
> objectclass: top
> objectclass: groupofNames
> member: uid=rrfadler, ou=People, o=regence
> cn: UserAdmin
>
> access control statement in slapd.conf:
>
> access to *
>     by group="cn=UserAdmin,ou=Groups,o=regence" write
>     by self write
>     by * read
>
> I've verified via 'slapd -d 255' that I am binding as
> 'UID=RRFADLER,OU=PEOPLE,O=REGENCE'.
>
> In looking at the debug output I see the following strings:
>
> => ldbm_back_group: found group: "CN=USERADMIN,OU=GROUPS,O=REGENCE"
> <= ldbm_back_group: found objectClass and member
> <= ldbm_back_group: "UID=RRFADLER,OU=PEOPLE,O=REGENCE" not in
> "CN=USERADMIN,OU=GROUPS,O=REGENCE": member
>
> Does anybody have any ideas?
>
> --
> Rick Fadler
> rfadler@keystroke.com
> 206-576-4579


--- End Message ---
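
Added example, not part of the original thread and not OpenLDAP code: a small LDIF audit that flags `dn:` and `member:` values containing spaces around the separators and prints the space-free form, using the group entry from the message as constructed sample input. The `member_matches` function is a simplified model (an assumption) of the failed comparison seen in the debug output; the parser ignores LDIF line continuations, base64 values and escaped commas.

```python
# Constructed sample: the group entry quoted in the message above.
SAMPLE_LDIF = """\
dn: cn=UserAdmin, ou=Groups, o=regence
description: User Admin Group
objectclass: top
objectclass: groupofNames
member: uid=rrfadler, ou=People, o=regence
cn: UserAdmin
"""

# Attributes whose values are DNs (assumption: extend for your schema).
DN_ATTRS = {"dn", "member"}


def strip_dn_spaces(dn):
    """Remove whitespace around ',' and '=' (simplified: no escaped commas)."""
    rdns = [rdn.strip() for rdn in dn.split(",")]
    return ",".join("=".join(p.strip() for p in rdn.split("=", 1)) for rdn in rdns)


def normalized(dn):
    """Form shown in the slapd debug output: upper case, no separator spaces."""
    return strip_dn_spaces(dn).upper()


def audit_ldif(text):
    """Return (line_no, attr, stored, fixed) for DN values with separator spaces."""
    findings = []
    for no, line in enumerate(text.splitlines(), 1):
        attr, sep, value = line.partition(":")
        if not sep or attr.strip().lower() not in DN_ATTRS:
            continue
        stored = value.strip()
        fixed = strip_dn_spaces(stored)
        if fixed != stored:
            findings.append((no, attr.strip(), stored, fixed))
    return findings


def member_matches(bind_dn, stored_member):
    """Hypothetical model of the failed check: case-folded, spaces NOT stripped."""
    return bind_dn.upper() == stored_member.upper()


if __name__ == "__main__":
    for no, attr, stored, fixed in audit_ldif(SAMPLE_LDIF):
        print(f"line {no}: {attr}: {stored!r} -> {fixed!r}")
```
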