Howard Chu wrote:
I think the groups should not even have been cached in the first place; lookups for auth purposes usually set op->o_nocaching.
You're right; but the point doesn't seem to be about caching during the authorization-related internal lookup; caching seems to occur earlier, while checking access to the authzTo/authzFrom attrs. There might be some issue in the authz resolution.
p.
Ing. Pierangelo Masarati OpenLDAP Core Team
SysNet s.n.c. Via Dossi, 8 - 27100 Pavia - ITALIA http://www.sys-net.it ------------------------------------------ Office: +39.02.23998309 Mobile: +39.333.4963172 Email: pierangelo.masarati@sys-net.it ------------------------------------------