
Re: two issues with dyngroups



Guillaume Rousse wrote:
Pierangelo Masarati wrote:
The second directive is that ACLs seem to ignore this dynamic group:
# admins
access to dn.subtree="dc=msr-inria,dc=inria,dc=fr"
    by group="cn=admins,ou=groups,dc=msr-inria,dc=inria,dc=fr" write
    by * break

Try

access to dn.subtree="dc=msr-inria,dc=inria,dc=fr"
    by group/groupOfURLs/memberURL="cn=admins,ou=groups,dc=msr-inria,dc=inria,dc=fr" write
    by * break


(please excuse any unintended line wrapping).
Indeed, many thanks.

This is an often overlooked requirement of groups that use a group objectClass and member attribute other than groupOfNames and member. Probably a note should be added to the slapo-dynlist(5) man page and somewhere else as appropriate.


p.


Ing. Pierangelo Masarati OpenLDAP Core Team

SysNet s.r.l.
via Dossi, 8 - 27100 Pavia - ITALIA
http://www.sys-net.it
-----------------------------------
Office:  +39 02 23998309
Mobile:  +39 333 4963172
Fax:     +39 0382 476497
Email:   ando@sys-net.it
-----------------------------------
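
An added example, not part of the original message and not OpenLDAP code: a small Python lint that joins slapd.conf continuation lines, extracts each "by group" clause, and flags clauses whose expected objectClass (groupOfNames when none is given) is missing from the group entry in an LDIF export. The group entry is constructed, the function names are hypothetical, and the check assumes unfolded plain-text LDIF and exact objectClass names (no schema inheritance).

```python
import re

# "by group[/objectClass[/attr]][.style]=<dn>", as documented in slapd.access(5)
GROUP_WHO = re.compile(
    r'\bby\s+group(/[^.=\s]+)?(?:\.\w+)?=(?:"([^"]+)"|(\S+))', re.I)

def logical_lines(conf_text):
    """Join slapd.conf continuation lines (leading whitespace); skip comments."""
    out = []
    for raw in conf_text.splitlines():
        if raw.startswith("#") or not raw.strip():
            continue
        if raw[0] in " \t" and out:
            out[-1] += " " + raw.strip()
        else:
            out.append(raw.strip())
    return out

def object_classes(ldif_text):
    """Map lower-cased DN -> set of lower-cased objectClass values."""
    classes = {}
    for block in re.split(r"\n\s*\n", ldif_text.strip()):
        dn, ocs = None, set()
        for line in block.splitlines():
            name, _, value = line.partition(":")
            if name.lower() == "dn":
                dn = value.strip().lower()
            elif name.lower() == "objectclass":
                ocs.add(value.strip().lower())
        if dn:
            classes[dn] = ocs
    return classes

def unmatched_group_acls(conf_text, ldif_text):
    """Return (group DN, objectClass the ACL expects) where the entry lacks it."""
    classes, findings = object_classes(ldif_text), []
    for line in logical_lines(conf_text):
        for m in GROUP_WHO.finditer(line):
            dn = m.group(2) or m.group(3)
            expected = (m.group(1) or "/groupOfNames").split("/")[1].lower()
            ocs = classes.get(dn.lower())
            if ocs is not None and expected not in ocs:
                findings.append((dn, expected))
    return findings

# Constructed sample data: the group entry is an assumption, not from the thread.
GROUP_DN = "cn=admins,ou=groups,dc=msr-inria,dc=inria,dc=fr"
LDIF = f"dn: {GROUP_DN}\nobjectClass: groupOfURLs\ncn: admins\n"
ACL = ('access to dn.subtree="dc=msr-inria,dc=inria,dc=fr"\n'
       '    by group%s="' + GROUP_DN + '" write\n    by * break\n')
```

Calling unmatched_group_acls(ACL % "", LDIF) reports the unqualified clause from the thread, while ACL % "/groupOfURLs/memberURL" yields no finding.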