On 2/7/20 19:42, brent s. wrote:
{2}to dn.exact="ou=groupname,dc=domain,dc=com" attrs=children
    (...)
    by group.exact="cn=GroupAdmins,dc=domain,dc=net" manage
    by * none
I get the error:
Feb 08 00:32:19 foo slapd[17600]: => acl_mask: access to entry "ou=groupname,dc=domain,dc=com", attr "entry" requested
Feb 08 00:32:19 foo slapd[17600]: => acl_mask: to all values by "cn=username,dc=domain,dc=net", (=0)
Feb 08 00:32:19 foo slapd[17600]: <= check a_group_pat: cn=groupadmins,ou=groups,dc=domain,dc=net
Feb 08 00:32:19 foo slapd[17600]: =>ldap_back_getconn: conn 0x7f7700009ef0 fetched refcnt=1.
Feb 08 00:32:19 foo slapd[17600]: Error: ldap_back_is_proxy_authz returned 0, misconfigured URI?
(it is a given that cn=username,dc=domain,dc=net is indeed a member ("member" attribute) of the groupOfNames object cn=GroupAdmins,dc=domain,dc=net and additionally, the cn=username,dc=domain,dc=net object has the "memberOf" attribute "cn=GroupAdmins,dc=domain,dc=net")
Sorry, borked the scrubbing.
Correction: the above ACL line and references to it should be:
by group.exact="cn=GroupAdmins,ou=Groups,dc=domain,dc=net" manage
(as reflected in the log entries), not:
by group.exact="cn=GroupAdmins,dc=domain,dc=net" manage