[prev in list] [next in list] [prev in thread] [next in thread]
List: ldap
Subject: Possible bug in DS 3.1
From: "Olsen Rose" <olsen_rose () bah ! com>
Date: 1998-05-28 12:20:21
[Download RAW message or body]
Hello!
I am in the process of testing DS 3.1 in hopes of soon upgrading from
version 1.03. Here is the problem I've run into. We are using
distributed
Admin and I have a group which
I've created called CSE Admin. Our directory structure is very flat, it
looks as follows:
o=BAH
| | |
ou=SMTP ou=MSMail ou=Netscape Servers
I have given the group CSE Admin rights to the SMTP and MSMail OUs. The
ACLs I've defined are as follows:
aci: (target ="ldap:///ou=SMTP,o=BAH,c=US")(targetattr = "*")(version
3.0; acl
"Untitled"; allow (compare,search,read,write, add , delete ) groupdn
= "l
dap:///cn=CSE Admin,ou=SMTP,o=BAH,c=US" ;)
aci: (target ="ldap:///ou=MSMail,o=BAH,c=US")(targetattr = "*")(version
3.0; a
cl "Untitled"; allow (compare,search,read,write, add , delete )
groupdn =
"ldap:///cn=CSE Admin,ou=SMTP,o=BAH,c=US" ;)
The problem is we have defined groups in the directory that folks in
the
CSE Admin group need to update. While I was testing this morning, I
found that if a user that is a member of the CSE Admin attempts to
update a mail group that they are a member of, I receive an LDAP error
permission denied. For example, if the user Donald Duck is in the group
CSE Admin and also in the group Crystal Park Users, if Donald Duck
attemtps to add users to the Crystal Park Users group, he gets a
permission denied LDAP error. However, if Donald Duck attempts to update
a group that he is not a member of, it works just fine. The
objectclasses for the groups are: objectclass: groupOfUniqueNames
objectclass: mailGroup. Any thoughts would be appreciated.
This operation CAN be performed used the ldapmodify command, however, it
can
NOT be completed using the Admin interface or the Gateway component.
Thank you.
Rose Olsen
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic