[Date Prev][Date Next]
Re: Continued: Security question. (fwd)
- To: "Kurt D. Zeilenga" <Kurt@OpenLDAP.org>
- Subject: Re: Continued: Security question. (fwd)
- From: blair christensen <email@example.com>
- Date: Sun, 2 Jul 2000 13:31:26 -0500
- Cc: openldap-software@OpenLDAP.org
- Content-disposition: inline
- In-reply-to: <firstname.lastname@example.org>; from Kurt@OpenLDAP.org on Fri, Jun 30, 2000 at 02:00:48PM -0700
- References: <20000630090143.B17411@bsd.uchicago.edu> <Pine.LNX.email@example.com et> <firstname.lastname@example.org>
- User-agent: Mutt/1.1.4i
i had thought that memberuid was not necessarily of DN syntax,
however, using a DN as the memberuid value was the only was that i was
able to get it to work.
presumably i should be using either groupOfNames or
On Fri, Jun 30, 2000 at 02:00:48PM -0700, Kurt D. Zeilenga wrote:
> ACL groups default to groupOfNames/member. You can
> also use groupOfUniqueNames/uniqueMember.
> Using posixgroup/memberuid makes little sense as memberuid
> is not of DN syntax.
> At 04:40 PM 6/30/00 -0400, Cliff Friedel wrote:
> >On Fri, 30 Jun 2000, blair christensen wrote:
> >> i used the following to get group permissions to work:
> >> access to <attribute>
> >> by group/posixgroup/memberuid="cn=<group name>,ou=group,<domain components>" write
> >> <snip>
> >> where my groups are 'posixGroups' and the members of the groups are
> >> listed in the 'memberUID' attribute. you may want to try a similiar
> >> technique.
> >Ok, read RFC2037 for posixAccount and posixGroup information and am now
> >totally confused (almost to the point that I am not sure whether my LDIFs
> >need to be totally reconfigured to match POSIX guidelines). Can you give
> >me an example LDIF for the group and 1 member's LDIF for me to look at? I
> >realize this is a lot to ask, but I have yet to find a really good
> >resource to get this information from (other than this list =) ). If you
> >could help me out I would greatly appreciate it. Thanks.