[Date Prev][Date Next]
[Chronological]
[Thread]
[Top]
Re: ACLs using dynlist overlay
Am Tue, 03 Mar 2015 17:43:06 +0100
schrieb "Mattes" <rm@mh-freiburg.de>:
> Am Montag, 02. März 2015 21:55 CET, Howard Chu <hyc@symas.com>
> schrieb:
>
> > Michael Ströder wrote:
> > > Mattes wrote:
> > >> Dear collected list wisdom,
> > >>
> > >> I'm trying to set up access control using membership in a
> > >> dynamic list.I've activated the dynlist overlay and configured
> > >> it like this:
> > >>
> > >> olcDlAttrSet: groupOfURLs memberURL member
> > >>
> > >> and installed an ACL:
> > >>
> > >> olcAccess: to dn.regex=".+,<some base>"
> > >> by self read
> > >> by group/groupOfURLs/member="<group DN>" search
> > >>
> > >> Browsing the directory I can see the member attributes being
> > >> added to the group, but testing access with slapacl I encounter
> > >> the following error:54ef3976 => bdb_entry_get: found entry:
> > >> "<group DN>" 54ef3976 <= bdb_entry_get: failed to find attribute
> > >> member
> > >>
> > >> What am I doing wrong?
> >
> > In general, overlays don't take effect for the offline tools, they
> > only function in slapd itself.
>
> O.k., thanks, that makes a lot of sense. So, slapacl can only take
> static entries into consideration. That leaves me with the following
> question: what tool to use to debug ACLs?
set slapd in debug mode 128.
-Dieter
--
Dieter Klünter | Systemberatung
http://sys4.de
GPG Key ID: E9ED159B
53°37'09,95"N
10°08'02,42"E