Am Tue, 03 Mar 2015 17:43:06 +0100 schrieb "Mattes" rm@mh-freiburg.de:
Am Montag, 02. März 2015 21:55 CET, Howard Chu hyc@symas.com schrieb:
Michael Ströder wrote:
Mattes wrote:
Dear collected list wisdom,
I'm trying to set up access control using membership in a dynamic list.I've activated the dynlist overlay and configured it like this:
olcDlAttrSet: groupOfURLs memberURL member
and installed an ACL:
olcAccess: to dn.regex=".+,<some base>" by self read by group/groupOfURLs/member="<group DN>" search
Browsing the directory I can see the member attributes being added to the group, but testing access with slapacl I encounter the following error:54ef3976 => bdb_entry_get: found entry: "<group DN>" 54ef3976 <= bdb_entry_get: failed to find attribute member
What am I doing wrong?
In general, overlays don't take effect for the offline tools, they only function in slapd itself.
O.k., thanks, that makes a lot of sense. So, slapacl can only take static entries into consideration. That leaves me with the following question: what tool to use to debug ACLs?
set slapd in debug mode 128.
-Dieter