[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: ACLs using dynlist overlay



Mattes wrote:
> Dear collected list wisdom,
> 
> I'm trying to set up access control using membership in a dynamic list.I've activated the dynlist overlay and configured it like this:
> 
> olcDlAttrSet: groupOfURLs memberURL member
> 
> and installed an ACL:
> 
> olcAccess: to dn.regex=".+,<some base>"
> by self read
> by group/groupOfURLs/member="<group DN>" search
> 
> Browsing the directory I can see the member attributes being added to the
> group, but testing access with slapacl I encounter the following error:54ef3976 => bdb_entry_get: found entry: "<group DN>"
> 54ef3976 <= bdb_entry_get: failed to find attribute member
> 
> What am I doing wrong?
> N.B.: I _did_ add member to the list of allowed attributes for a groupOfURLs ...

It's important to understand that dynlist overlay generates attribute 'member'
on the fly when it's read. Did you read section AUTHORIZATION in slapo-dynlist(5)?

Maybe running this as a CRON job is better for your needs:

http://www.stroeder.com/pylib/update_memberurl_groups.py

Ciao, Michael.

--
E-Mail: michael@stroeder.com
http://www.stroeder.com

Attachment: smime.p7s
Description: S/MIME Cryptographic Signature