Re: DynList + posixGroup and permission to Dir
> I have a problem with OpenLDAP and permissions on a file.
> First - I set this in my slapd.conf:
> overlay dynlist
> dynlist-attrset labeledURIObject labeledURI
> Second - I make cn=test,ou=Projects,dc=example,dc=com with:
> dn: cn=test,ou=Projects,dc=example,dc=com
> gidNumber: 6789
> objectClass: posixGroup
> objectClass: top
> objectClass: labeledURIObject
> memberUid: user1 (dynamic)
> memberUid: user2 (dynamic)
> In cn=testgroup,ou=Groups,dc=example,dc=com I have memberuid: user1 and
> memberUid: user2
> Third - when I ran getent group test I have:
> But when I try id user1 I don't see this group :(
> And next I set chmod 770 dir and chown root.test dir and try to access
> this dir.
> But of course it is not possible because the user is not in this group
> (as "id" said).
> Does somebody know the solution? Because I spent a lot of hours and I can't
> find the problem.
slapo-dynlist(5) only allows direct membership, not reverse. Read the man
page: when an entry with a specific objectClass is being returned, URL
expansion may take place. So if you *search* with a dynamic member in the
filter, nothing is returned. What you are trying to accomplish cannot be
obtained using slapo-dynlist(5). You probably need to use slapo-autogroup
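
The following is an added example, not part of the original message and not OpenLDAP code: a toy model of the behaviour the reply describes, showing why a lookup by group name sees the dynamic members while a reverse lookup by memberUid does not, so the 770 directory stays inaccessible. The labeledURI value, the function names, and the assumption that resolving a user's groups means searching posixGroup entries with a memberUid filter are all illustrative.

```python
# Toy model (not OpenLDAP code) of the behaviour described in the reply:
# dynlist expands an entry when it is *returned*, after the search filter
# has already been evaluated against the stored attributes.

# Constructed directory contents, based on the entries in the question.
STORED = {
    "cn=testgroup,ou=Groups,dc=example,dc=com": {
        "objectClass": ["posixGroup"],
        "cn": ["testgroup"],
        "memberUid": ["user1", "user2"],
    },
    "cn=test,ou=Projects,dc=example,dc=com": {
        "objectClass": ["posixGroup", "labeledURIObject"],
        "cn": ["test"],
        "gidNumber": ["6789"],
        # Assumed URL: the question does not show the labeledURI value.
        "labeledURI": ["ldap:///cn=testgroup,ou=Groups,dc=example,dc=com?memberUid?base"],
    },
}

def expand(entry):
    """Mimic dynlist-attrset labeledURIObject labeledURI on a returned entry."""
    out = {k: list(v) for k, v in entry.items()}
    if "labeledURIObject" in entry["objectClass"]:
        for url in entry.get("labeledURI", []):
            base, attr = url[len("ldap:///"):].split("?")[:2]
            out.setdefault(attr, []).extend(STORED[base].get(attr, []))
    return out

def search(**equals):
    """AND of equality matches, tested on stored data; expansion comes after."""
    hits = []
    for dn, entry in STORED.items():
        if all(val in entry.get(attr, []) for attr, val in equals.items()):
            hits.append((dn, expand(entry)))
    return hits

def getent_group(name):
    """Lookup by group name, as `getent group test` does."""
    return search(objectClass="posixGroup", cn=name)

def groups_of(uid):
    """Reverse lookup by member (assumed to be what `id user1` relies on)."""
    return [e["cn"][0] for _, e in search(objectClass="posixGroup", memberUid=uid)]
```
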