[Date Prev][Date Next]
Re: Access Control by group
Quanah pointed out we're running a pretty old version, which could be the culprit. I know + signs in sets aren't supported. I'm slightly less than enthusiastic about upgrading since we rely on LDAP+Samba groups. It's been a few years since I slogged through that implementation, but it may be time to revist.
On 10/26/07, Donn Cave <firstname.lastname@example.org
On Oct 26, 2007, at 1:42 PM, Jason Dearborn wrote:
> Just found this:
> and this:
> Looks like other people are trying to work with posixGroups as well.
Well, you see a lot of weird things on the web. I wouldn't take
this too seriously.
I have not used posixGroup - we use groupOfNames, just like everyone
else except the posixGroup heretics and the groupOfUniqueName heretics.
But as far as I know, any of these works the same, and your syntax is
If you can turn debugging up on a test service, you can watch the whole
authorization thing happen in gory detail. This may uncover an issue
that has nothing to do with choice of group schema - like, you're
stuck on another authorization in the configuration, or your member
don't actually match the authenticated names as intended, etc. I would
look at that before giving up on your schema, if you have some other
reason to need posixGroup. (If you don't, of course, groupOfNames is
the Right Way!)