[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: ACL group.regex in 2.1.22



At 09:07 PM 10/14/2003, Ace Suares wrote:

>> At 06:59 PM 10/14/2003, Ace Suares wrote:
>> >Please, could anyone using 2.1.22 and using groups in the 'who' clause,
>> > send me an output of ACL processing (loglevel 128) ? And also send me the
>> > ACL's themselves ?
>>
>> Note that test006-acls uses ACL groups....
>>
>> Kurt
>
>Thanks, that was really helpfull. I run a precompiled .rpm and running this 
>test was not trivial - but I got the test to run and it worked.
>
>And then I changed (in data/slapd-acl.conf) the following line:
>
>by group.exact="cn=ITD Staff,ou=Groups,o=University of Michigan,c=US" write
>
>into
>
>by group.regex="cn=.*,ou=Groups,o=University of Michigan,c=US" write


Ah, the problem here is that, in this case, the regex style
indicates the value is a replacement string which is filled
based matched text of a previously evaluated regular
expression.  Think of group.regex as meaning group.replacement
(maybe we should change the code/documentation.... feel free
to submit a suggestion as an ITS).

>and it STOPPED working !

Yes, the string after replacement is not refer to a group.

>The ACL was not to be found in the log files (with loglevel = 128)
>whereas with the 'exact' version, you can find:
>
>Backend ACL: access to filter=(objectClass=groupOfNames)
>        by group=cn=itd staff,ou=groups,o=university of michigan,c=us 
>objectClass: 2.5.6.9 attributeType: member write(=wrscx)
>=> bdb_group: found group: "cn=itd staff,ou=groups,o=university of 
>michigan,c=us"
><= bdb_group: found objectClass groupOfNames and member
><= bdb_group: "cn=james a jones 1,ou=alumni association,ou=people,o=university 
>of michigan,c=us" not in "cn=itd staff,ou=groups,o=university of 
>michigan,c=us": member
>=> bdb_group: found group: "cn=itd staff,ou=groups,o=university of 
>michigan,c=us"
><= bdb_group: found objectClass groupOfNames and member
><= bdb_group: "cn=bjorn jensen,ou=information technology 
>division,ou=people,o=university of michigan,c=us" is in "cn=itd 
>staff,ou=groups,o=university of michigan,c=us": member
>
>QED ?
>
>_Ace
>
>
>
>
>-- 
>Ace Suares' Internet Consultancy
>NIEUW ADRES: Postbus 2599, 4800 CN Breda
>telefoon: 06-244 33 608
>fax en voicemail: 0848-707 705
>website: http://www.suares.nl * http://www.qwikzite.nl