Thank you for your quick reply.
* You ran the wget on the CRL from the LDAP server itself and confirmed it.
Yes
* Did you wget every CRL for the entire CA chain?
In my setup, there is only one CRL URL that is set in the LDAP server
certificate.
This CRL is available thanks to wget.
For the

Hi Ludwig,
Thanks for your reply.
To clarify, when I say it's not working, it means that members of the
groups are not able to search the "cn=proxy" container's entries.
For example, I've set the following ACI on "cn=proxy":
(targetattr = "*") (target =
"ldap:///cn=proxy,ou=Servers,dc=domain,dc=

Hi Nicolas,
The documentation does not say that wildcard is supported in groupdn
evaluation and I have not seen anything in the code that handles it.
IMHO the comment about group dn filter is a bit confusing:
the only place it is supported while evaluating groupdn is within the
(filter) part when

> On 4 Feb 2021, at 19:52, ADELIN Arnaud wrote:
>
> Thank you for your quick reply.
>
> * You ran the wget on the CRL from the LDAP server itself and confirmed it.
> Yes
>
> * Did you wget every CRL for the entire CA chain?
> In my setup, there is only one CRL URL that is set in the LDAP

> On 4 Feb 2021, at 22:23, Pierre Rogier wrote:
>
> Hi Nicolas,
>
> The documentation does not say that wildcard is supported in groupdn
> evaluation and I have not seen anything in the code that handles it.
> IMHO the comment about group dn filter is a bit confusing:
> the only place it is

> On 5 Feb 2021, at 12:30, William Brown wrote:
>
>> On 4 Feb 2021, at 22:23, Pierre Rogier wrote:
>>
>> Hi Nicolas,
>>
>> The documentation does not say that wildcard is supported in groupdn
>> evaluation and I have not seen anything in the code that handles it.
>> IMHO the comment