'Re: [Proftpd-user] Support for logins & ACLs based on UID/UUID'

[prev in list] [next in list] [prev in thread] [next in thread] 

List:       proftpd-users
Subject:    Re: [Proftpd-user] Support for logins & ACLs based on UID/UUID
From:       Ken Johanson <proftpd () onnet ! cc>
Date:       2007-01-30 20:16:59
Message-ID: 45BFA7BB.9030305 () onnet ! cc
[Download RAW message or body]

I think I'm getting in to this really deep, now :-)

Now I need the same lookups on PosixGroups, but ACL matching based on 
matching any of the user's plural memberUid attributes (not just the 
default gidNumber).

For example my own 'memberUid' attribute-value exists in 2 different 
posixGroup entries. Then in an ACL like:

AllowGroup 1026
or
AllowGroup 1005

both should allow me since I am a member of both posixGroups having 
those CNs.

But right now I can only pass if the ACL contains my default (1026) (my 
User gidNumber). I can not pass if the ACL contains 1005. It seems not 
to be checking my *list* of member UIDs..

My current config is (on one line):
LDAPDoGIDLookups on
"ou=Posix,ou=Groups,dc=foo,dc=com"
(&(objectclass=posixGroup))
(&(objectclass=posixGroup))
(&(memberUid=%v)(objectclass=posixGroup))

If mod_ldap firsts builds a list then checks any of its entries, I'd 
think the last arg alone would suffice (that's why I didnt narrow scope 
on args 2 & 3), but, if the module issues a query expecting exactly one 
result, I could see why I can match one group but not the other.

Am I mis-using this? Must only one result be returned based on what the 
ACL specified as the group ID is?

Thank in advance again,

ken



-------------------------------------------------------------------------
Take Surveys. Earn Cash. Influence the Future of IT
Join SourceForge.net's Techsay panel and you'll get the chance to share your
opinions on IT & business topics through brief surveys - and earn cash
http://www.techsay.com/default.php?page=join.php&p=sourceforge&CID=DEVDEV
_______________________________________________
ProFTPD Users List   <proftpd-users@proftpd.org>
Unsubscribe problems?
http://www.proftpd.org/list-unsub.html

[prev in list] [next in list] [prev in thread] [next in thread]
Configure | About | News | Add a list | Sponsored by KoreLogic