Re: Access Control by group

2007-10-29 Thread Buchan Milne
On Friday 26 October 2007 23:48:49 Jason Dearborn wrote: > Quanah pointed out we're running a pretty old version, which could be the > culprit. I know + signs in sets aren't supported. I'm slightly less than > enthusiastic about upgrading since we rely on LDAP+Samba groups. It's been > a few year

Re: Access Control by group

2007-10-27 Thread Jason Dearborn
Quanah pointed out we're running a pretty old version, which could be the culprit. I know + signs in sets aren't supported. I'm slightly less than enthusiastic about upgrading since we rely on LDAP+Samba groups. It's been a few years since I slogged through that implementation, but it may be time

Re: Access Control by group

2007-10-27 Thread Pierangelo Masarati
Jason Dearborn wrote: > Ack. > > Just found this: > http://www.openldap.org/lists/openldap-software/200710/msg00343.html > and this: > http://www.mail-archive.com/openldap-software@openldap.org/msg08524.html > > Looks like other people are trying to work with posixGroups as well. > > > > On 10

Re: Access Control by group

2007-10-26 Thread Donn Cave
On Oct 26, 2007, at 1:42 PM, Jason Dearborn wrote: Ack. Just found this: http://www.openldap.org/lists/openldap-software/200710/msg00343.html and this: http://www.mail-archive.com/openldap-software@openldap.org/ msg08524.html Looks like other people are trying to work with posixGroups as we

Re: Access Control by group

2007-10-26 Thread Quanah Gibson-Mount
--On Friday, October 26, 2007 1:30 PM -0700 Jason Dearborn <[EMAIL PROTECTED]> wrote: Has anyone been able to make this work? Sure, I just created a normal group, like you'll find here: (See the "ldapAdmin"

Re: Access Control by group

2007-10-26 Thread Jason Dearborn
Ack. Just found this: http://www.openldap.org/lists/openldap-software/200710/msg00343.html and this: http://www.mail-archive.com/openldap-software@openldap.org/msg08524.html Looks like other people are trying to work with posixGroups as well. On 10/26/07, Jason Dearborn wrote: > > I'd like to

Access Control by group

2007-10-26 Thread Jason Dearborn
I'd like to grant members of an Administrator group full access to everything in LDAP. According to the ldap FAQ, the default objectclass is "groupOfNames" and the default attribute checked is "member". To match my config I'd need to change the values to "posixGroup" and "memberUid" respectively.