[Date Prev][Date Next]
Re: ACL problem posixgroup/groupofnames (w/ corrected)
Jim C. wrote:
So why doesn't the syntax provided by faq-o-matic for granting access
problem you're experiencing. Can you elaborate on it?
Also, you seem to have missed this note in the referenced
Note: the specified member attribute type MUST be of DN syntax
and the specified object class SHOULD allow the attribute type.
That is, your attempt to use memberUid and posixGroup here
uh... because you are not supposed to put dn's in a memberUid attribute?
Great. So what it seems like you are telling me is that the LDAP
schema's for the memberUid attribute are dreadfully out of date. I
suppose then that my readers and I will have to live with the
redundancy, obscene and unmanageable as it is.
The schema in question, which defines posixGroup, is certainly out of
date. There is RFC2307bis which updates the group semantics to use
proper DNs, but even that draft expried a long time ago, and no update
has been published. Still, if you adopt RFC2307bis you'll be in better
shape than you are at the moment.
-- Howard Chu
Chief Architect, Symas Corp. Director, Highland Sun
Symas: Premier OpenSource Development and Support