Am Tue, 03 Mar 2015 17:43:06 +0100 schrieb "Mattes" <[email protected]>:
> Am Montag, 02. März 2015 21:55 CET, Howard Chu <[email protected]> > schrieb: > > > Michael Ströder wrote: > > > Mattes wrote: > > >> Dear collected list wisdom, > > >> > > >> I'm trying to set up access control using membership in a > > >> dynamic list.I've activated the dynlist overlay and configured > > >> it like this: > > >> > > >> olcDlAttrSet: groupOfURLs memberURL member > > >> > > >> and installed an ACL: > > >> > > >> olcAccess: to dn.regex=".+,<some base>" > > >> by self read > > >> by group/groupOfURLs/member="<group DN>" search > > >> > > >> Browsing the directory I can see the member attributes being > > >> added to the group, but testing access with slapacl I encounter > > >> the following error:54ef3976 => bdb_entry_get: found entry: > > >> "<group DN>" 54ef3976 <= bdb_entry_get: failed to find attribute > > >> member > > >> > > >> What am I doing wrong? > > > > In general, overlays don't take effect for the offline tools, they > > only function in slapd itself. > > O.k., thanks, that makes a lot of sense. So, slapacl can only take > static entries into consideration. That leaves me with the following > question: what tool to use to debug ACLs? set slapd in debug mode 128. -Dieter -- Dieter Klünter | Systemberatung http://sys4.de GPG Key ID: E9ED159B 53°37'09,95"N 10°08'02,42"E
