Re: slapo-dynlist desgin question(s)
--On January 16, 2007 6:34:39 PM +0100 Pierangelo Masarati
<ando(a)sys-net.it> wrote:
Quanah Gibson-Mount wrote:
> This patch also does not work, continuing to use the credentials of the
> bound user.
What operation are you performing when it gets to evaluate that filter?
Can you describe it a little bit further?
ldapsearch -LLL -Q -h ldap-dev1 -b
"cn=groups,cn=applications,dc=stanford,dc=edu" cn=registry-consult
Output is:
dn: cn=registry-consult,cn=groups,cn=applications,dc=stanford,dc=edu
objectClass: groupOfURLs
cn: registry-consult
memberURL:
ldap:///cn=people,dc=stanford,dc=edu??sub?(suprivilegegroup=registr
y:consult)
(but no members). Searching with my admin credentials, I get a full user
list.
access to
dn.exact="cn=registry-consult,cn=groups,cn=applications,dc=stanford,dc=edu"
by dn.base="uid=cadabra,cn=accounts,dc=stanford,dc=edu" sasl_ssf=56
read
by * none
is the ACL in place (admin group comes before this acl with full read to
everything in the tree).
--Quanah
--
Quanah Gibson-Mount
Principal Software Developer
ITS/Shared Application Services
Stanford University
GnuPG Public Key: http://www.stanford.edu/~quanah/pgp.html