[prev in list] [next in list] [prev in thread] [next in thread]
List: proftpd-users
Subject: Re: [Proftpd-user] Support for logins & ACLs based on UID/UUID
From: Ken Johanson <proftpd () onnet ! cc>
Date: 2007-01-30 20:16:59
Message-ID: 45BFA7BB.9030305 () onnet ! cc
[Download RAW message or body]
I think I'm getting in to this really deep, now :-)
Now I need the same lookups on PosixGroups, but ACL matching based on
matching any of the user's plural memberUid attributes (not just the
default gidNumber).
For example my own 'memberUid' attribute-value exists in 2 different
posixGroup entries. Then in an ACL like:
AllowGroup 1026
or
AllowGroup 1005
both should allow me since I am a member of both posixGroups having
those CNs.
But right now I can only pass if the ACL contains my default (1026) (my
User gidNumber). I can not pass if the ACL contains 1005. It seems not
to be checking my *list* of member UIDs..
My current config is (on one line):
LDAPDoGIDLookups on
"ou=Posix,ou=Groups,dc=foo,dc=com"
(&(objectclass=posixGroup))
(&(objectclass=posixGroup))
(&(memberUid=%v)(objectclass=posixGroup))
If mod_ldap firsts builds a list then checks any of its entries, I'd
think the last arg alone would suffice (that's why I didnt narrow scope
on args 2 & 3), but, if the module issues a query expecting exactly one
result, I could see why I can match one group but not the other.
Am I mis-using this? Must only one result be returned based on what the
ACL specified as the group ID is?
Thank in advance again,
ken
-------------------------------------------------------------------------
Take Surveys. Earn Cash. Influence the Future of IT
Join SourceForge.net's Techsay panel and you'll get the chance to share your
opinions on IT & business topics through brief surveys - and earn cash
http://www.techsay.com/default.php?page=join.php&p=sourceforge&CID=DEVDEV
_______________________________________________
ProFTPD Users List <proftpd-users@proftpd.org>
Unsubscribe problems?
http://www.proftpd.org/list-unsub.html
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic