Hi Marco, Marco Gaiarin a écrit : > [another installation of PHPGW, totally unrelated to the sitemgr > trouble exposed on past email, please don't mix this email! ;)] > > > Ok, phpgw internally use the same nunberspace for users and group, so > there's no way to have an user and a group with the same UID. > > OK, as a tempative to fix this design flaw/behaviour, in LDAP schema > the phpgwAccountID/phpgwGroupID: fields was added, so we can use > different ID for POSIX and phpgw. > > > I've recently added phpgw to an existing LDAP/Samba installation, > imported user and group and found that there's no way to proper set > ACL, because user acl override group and group acl override users, even > if i've set phpgwAccountID=uidNumber+10000 to preventing ID clash. > Also, membership are taken into account using POSIX ID, not phpgw ID. > > > The only usefulness of phpgwAccountID/phpgwGroupID seems that the user > can login (if i set phpgwAccountID=POSIX ID=some other group ID the user > cannot login at all), but after that ACL and group membership are a > mess. > > > Right? I can do something about that?
Well, not sure it can be THE solution, but if I give you a patch which uses group membership using the ldap system and not acl, could that help ? Notice, that due to some "old applications" not relying on the account->memberships function but doing it directly with acl, this patch could not be safe. And since I don't have the time (yet) to write a migration script, I hope that your accounts are ok. I hope to be clear :) Regards, Caeies. _______________________________________________ phpGroupWare-users mailing list [email protected] http://lists.gnu.org/mailman/listinfo/phpgroupware-users
