RE: problem with posixGroup in ACL
> -----Original Message-----
> From: owner-openldap-software@OpenLDAP.org
> [mailto:owner-openldap-software@OpenLDAP.org]On Behalf Of Matt Richard
> I have seen this question asked before, but never saw an answer:
> I am attempting to use an LDAP group in an ACL, to permit write
> access for members of a specific group.
> I am using the following ACL:
> access to *
> du" write
> by * read
> I am getting the following error when running
> /usr/local/libexec/slapd -d65535:
> /usr/local/etc/openldap/slapd.conf: line 58: group
> "cn=admin,cn=groups,dc=fandm,dc=edu": inappropriate syntax:
> This is working in specific Apple releases of OpenLDAP for Mac OSX
> Server, but not in the OpenLDAP release 2.1.22.
> Can anyone help clue me in to the problem here? Is there a specific
> patch available to make this work?
An ACL specifier must have DistinguishedName syntax. memberUid uses the wrong
syntax. memberUid is obsolete; you should be using RFC2307bis and
groupOfNames/member instead of memberUid.
-- Howard Chu
Chief Architect, Symas Corp. Director, Highland Sun
Symas: Premier OpenSource Development and Support
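
The change described in the reply above, sketched as a slapd.conf fragment. This is an added example, not part of the original thread or of the OpenLDAP distribution. The group DN is the one from the quoted error message; the member DN is a constructed placeholder, and the rejected specifier is a constructed illustration, since the ACL line in the quoted post is truncated.

```conf
# slapd.conf fragment (constructed example)
#
# Group entry the ACL below expects, shown as LDIF in comments.
# The member value is a placeholder DN, not taken from the thread:
#
#   dn: cn=admin,cn=groups,dc=fandm,dc=edu
#   objectClass: groupOfNames
#   cn: admin
#   member: uid=exampleuser,cn=users,dc=example,dc=invalid
#
# "member" holds full DNs, so slapd can compare its values with the DN
# of the bound client. "memberUid" holds bare login names (not DNs),
# which is why a specifier built on it is refused at startup.

# Rejected form (constructed illustration of a memberUid-based specifier):
#   by group/posixGroup/memberUid="cn=admin,cn=groups,dc=fandm,dc=edu" write

# Accepted form. The general syntax is
#   group[/<objectclass>[/<attrname>]]=<group DN>
# and the defaults are groupOfNames and member, so the shorter
#   by group="cn=admin,cn=groups,dc=fandm,dc=edu" write
# is equivalent.
access to *
    by group/groupOfNames/member="cn=admin,cn=groups,dc=fandm,dc=edu" write
    by * read
# "by * read" is kept from the original post; "*" matches every client,
# including anonymous binds, and "access to *" covers every attribute.
```

Running `slapd -d` as in the quoted message, or `slaptest` where the installed release provides it, shows whether the ACL line now parses without the "inappropriate syntax" error.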