
Re: Access Control by group




On Oct 26, 2007, at 1:42 PM, Jason Dearborn wrote:

Ack.

Just found this:
http://www.openldap.org/lists/openldap-software/200710/msg00343.html
and this:
http://www.mail-archive.com/openldap-software@openldap.org/msg08524.html


Looks like other people are trying to work with posixGroups as well.


Well, you see a lot of weird things on the web.  I wouldn't take
this too seriously.

I have not used posixGroup - we use groupOfNames, just like everyone
else except the posixGroup heretics and the groupOfUniqueName heretics.
But as far as I know, any of these works the same, and your syntax is
right.

If you can turn debugging up on a test service, you can watch the whole
authorization thing happen in gory detail. This may uncover an issue
that has nothing to do with choice of group schema - like, you're getting
stuck on another authorization in the configuration, or your member values
don't actually match the authenticated names as intended, etc. I would
look at that before giving up on your schema, if you have some other
reason to need posixGroup. (If you don't, of course, groupOfNames is
the Right Way!)


	Donn Cave, donn@u.washington.edu
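
An added example, not part of the original message: a small offline check for the "member values don't actually match the authenticated names" case mentioned above, run against a group export before changing schema. The LDIF entries, the DNs and the function names are constructed for illustration, and the DN normalization is a simplification, not slapd's own algorithm.

```python
# Constructed sample data: two group entries as they might appear in an LDIF export.
SAMPLE_LDIF = """\
dn: cn=admins,ou=groups,dc=example,dc=com
objectClass: groupOfNames
member: UID=jdoe, OU=People, DC=example, DC=com
member: uid=asmith,ou=people,dc=example,dc=com

dn: cn=staff,ou=groups,dc=example,dc=com
objectClass: posixGroup
gidNumber: 500
memberUid: jdoe
"""

def parse_ldif(text):
    """Parse simple LDIF (no line folding, no base64 values) into a list of
    dicts mapping lower-cased attribute name -> list of values."""
    entries = []
    for block in text.strip().split("\n\n"):
        entry = {}
        for line in block.splitlines():
            name, _, value = line.partition(":")
            entry.setdefault(name.strip().lower(), []).append(value.strip())
        entries.append(entry)
    return entries

def norm_dn(dn):
    """Simplified normalization: lower-case, trim spaces around ',' and '='.
    Assumption: no escaped commas and case-insensitive RDN values."""
    rdns = []
    for rdn in dn.split(","):
        attr, _, val = rdn.partition("=")
        rdns.append(attr.strip().lower() + "=" + val.strip().lower())
    return ",".join(rdns)

def check_membership(entries, bound_dn,
                     member_attrs=("member", "uniquemember", "memberuid")):
    """Report, per group DN, how each member value relates to the bound DN."""
    report = {}
    for entry in entries:
        for attr in member_attrs:
            for value in entry.get(attr, []):
                if "=" not in value:
                    verdict = "not-a-dn"          # e.g. a bare login name
                elif value == bound_dn:
                    verdict = "exact-match"
                elif norm_dn(value) == norm_dn(bound_dn):
                    verdict = "normalized-match"  # differs only in case/spacing
                else:
                    verdict = "no-match"
                report.setdefault(entry["dn"][0], []).append((attr, value, verdict))
    return report
```

Calling `check_membership(parse_ldif(SAMPLE_LDIF), bound_dn)` with the DN the debug log shows for the authenticated user lists which member values could correspond to that name and which cannot.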