group ACLS problem

phr2101 at columbia.edu phr2101 at columbia.edu
Mon Sep 12 12:19:52 EDT 2005


I'm having a problem with group ACLS.

I have configure it to use the pts module and do ldap authentication.

When logging in I see these queries performed against ldap

conn=1 op=0 BIND dn="" method=128
conn=1 op=0 RESULT tag=97 err=0 text=
conn=1 op=1 SRCH base="dc=cc,dc=columbia,dc=edu" scope=2 deref=0  
filter="(uid=phr2101)"
conn=1 op=1 SEARCH RESULT tag=101 err=0 nentries=1 text=
conn=1 op=2 SRCH base="ou=group,dc=cc,dc=columbia,dc=edu" scope=2  
deref=0 filter="(memberUid=phr2101)"
conn=1 op=2 SEARCH RESULT tag=101 err=0 nentries=8 text=

These queries are what I would expect and return results.

phr2101 at bacon> ldapsearch -LLL -x -h samehost -p 3400 -b  
"ou=group,dc=cc,dc=columbia,dc=edu" -a never memberuid=phr2101 cn
dn: cn=www,ou=group,dc=cc,dc=columbia,dc=edu
cn: www

dn: cn=staff,ou=group,dc=cc,dc=columbia,dc=edu
cn: staff

dn: cn=acct,ou=group,dc=cc,dc=columbia,dc=edu
cn: acct

dn: cn=sy,ou=group,dc=cc,dc=columbia,dc=edu
cn: sy

dn: cn=wheel,ou=group,dc=cc,dc=columbia,dc=edu
cn: wheel

dn: cn=src,ou=group,dc=cc,dc=columbia,dc=edu
cn: src

dn: cn=wwwsy,ou=group,dc=cc,dc=columbia,dc=edu
cn: wwwsy


however when I try to access the public folder 'sy' with the  
following ACLs, it does not appear even though I am in that group
spam.cc.columbia.edu> lam sy
group:sy lrswipcda


If I give myself full ACLs then I can see the folder fine.


Anyone know why my group ACLs aren't working?

We're using Cyrus 2.3

thanks,

Patrick






More information about the Info-cyrus mailing list