[389-users] Re: Configure CRL check with TLS authentication

2021-02-04 Thread ADELIN Arnaud
Thank you for your quick reply. * You ran the wget on the CRL from on the LDAP server itself and confirmed it. Yes * Did you wget every CRL for the entire CA chain? In my setup, there is only one CRL url that is set in the LDAP server certificate. This CRL is available thanks to wget. For the

[389-users] Re: ACI with groupdn to target multiple groups

2021-02-04 Thread N R
Hi Ludwig, Thanks for your reply. To clarify, when I say it's not working, it means that members of the groups are not able to search the "cn=proxy" container's entries. For example, I've set the following ACI on "cn=proxy": (targetattr = "*") (target = "ldap:///cn=proxy,ou=Servers,dc=domain,dc=

[389-users] Re: ACI with groupdn to target multiple groups

2021-02-04 Thread Pierre Rogier
Hi Nicolas, The documentation does not say that wildcard is supported in groupdn evaluation and I have not seen anything in the code that handles it. IMHO The comment about group dn filter is a bit confusing: the only place it is supported while evaluating groupdn is within the (filter) part when

[389-users] Re: Configure CRL check with TLS authentication

2021-02-04 Thread William Brown
> On 4 Feb 2021, at 19:52, ADELIN Arnaud wrote: > > Thank you for your quick reply. > > * You ran the wget on the CRL from on the LDAP server itself and confirmed it. > Yes > > * Did you wget every CRL for the entire CA chain? > In my setup, there is only one CRL url that is set in the LDAP

[389-users] Re: ACI with groupdn to target multiple groups

2021-02-04 Thread William Brown
> On 4 Feb 2021, at 22:23, Pierre Rogier wrote: > > Hi Nicolas, > > The documentation does not say that wildcard is supported in groupdn > evaluation and I have not seen anything in the code that handles it. > IMHO The comment about group dn filter is a bit confusing: > the only place it is

[389-users] Re: ACI with groupdn to target multiple groups

2021-02-04 Thread William Brown
> On 5 Feb 2021, at 12:30, William Brown wrote: > > > >> On 4 Feb 2021, at 22:23, Pierre Rogier wrote: >> >> Hi Nicolas, >> >> The documentation does not say that wildcard is supported in groupdn >> evaluation and I have not seen anything in the code that handles it. >> IMHO The comment