On 2/7/20 19:42, brent s. wrote:
> {2}to dn.exact="ou=groupname,dc=domain,dc=com" attrs=children
> (...)
> by group.exact="cn=GroupAdmins,dc=domain,dc=net" manage
> by * none
>
>
> I get the error:
>
>
>
> Feb 08 00:32:19 foo slapd[17600]: => acl_mask: access to entry
> "ou=groupname,dc=domain,dc=com", attr "entry" requested
> Feb 08 00:32:19 foo slapd[17600]: => acl_mask: to all values by
> "cn=username,dc=domain,dc=net", (=0)
> Feb 08 00:32:19 foo slapd[17600]: <= check a_group_pat:
> cn=groupadmins,ou=groups,dc=domain,dc=net
> Feb 08 00:32:19 foo slapd[17600]: =>ldap_back_getconn: conn
> 0x7f7700009ef0 fetched refcnt=1.
> Feb 08 00:32:19 foo slapd[17600]: Error: ldap_back_is_proxy_authz
> returned 0, misconfigured URI?
>
> (it is a given that cn=username,dc=domain,dc=net is indeed a member
> ("member" attribute) of the groupOfNames object
> cn=GroupAdmins,dc=domain,dc=net and additionally, the
> cn=username,dc=domain,dc=net object has the "memberOf" attribute
> "cn=GroupAdmins,dc=domain,dc=net")

Sorry, borked the scrubbing. Correction: the above ACL line and references to it should be:

by group.exact="cn=GroupAdmins,ou=Groups,dc=domain,dc=net" manage

(as reflected in the log entries), not:

by group.exact="cn=GroupAdmins,dc=domain,dc=net" manage

--
brent saner
https://square-r00t.net/
GPG info: https://square-r00t.net/gpg-info
