Group based ACL
Tim Pushor
timp at crossthread.com
Thu Jan 22 17:21:15 EST 2004
Rob Siemborski wrote:
>On Thu, 22 Jan 2004, Tim Pushor wrote:
>
>
>
>>So nobody knows how to do this? I have looked through the list archives
>>and this has come up several times, with no solutions.
>>
>>I am trying to figure out how to use the new experimental ldap pts code
>>in 2.2.3 but I first of all can't figure out how to assign an ACL based
>>on a group!
>>
>>I have tried group:xxx syntax, @group (from an old possible recollection
>>of days of old), nothing seems to work.
>>
>>
>
>For AFS pts groups, you just use the name of the group directly, e.g.
>
>rjs3:friends
>system:administrators
>
>The name of the group goes directly into the acl. Thats it.
>
>
Ok, I see that its actually auth_unix that mandates the group: syntax. I
think I have found my problem.
Perhaps the pts system is not the best place to do the ldap group
authentication - like a square peg in a round hole. Thats just where I
started as thats where you Rob, had some code (ldap.c in ptclient), that
I assumed was working, but just didn't fit my group model.
I'll just write my own auth_ldap, and quit bugging you guys about pts.
Thanks,
Tim
More information about the Info-cyrus
mailing list