Hey,

I want to create group calendars. As creating them as the group (which is
possible when you add userPassword to the group) works badly (SOGo will
refuse to add an ACL for the group on the calendar if it is owned by the
group), I decided to create a fake user and use ACLs.

Defining the ACLs works fine, however when I try to access the calendar
as a member of the group it won't show up (except of course when I
enable public access, but then I am not granted modify-rights).

The only interesting part of my log could be:

Oct 13 01:34:50 sogod [25003]: |SOGo| lookup name: junge-piraten
Oct 13 01:34:50 sogod [25003]: |SOGo|   did not find key 'junge-piraten' in SoClass: <0x0xb8f39788[SoObjCClass]: super=0x0xb8f37810 objc=SOGo slots=connect,GET,view,casProxy,index,saml2-signon-post,changePassword,saml2-metadata,loading,toolbar>
Oct 13 01:34:50 sogod [25003]: |SOGo|   looked up value: (null)
Oct 13 01:34:50 sogod [25003]: |SOGo|   lookup in root object: (null)
Oct 13 01:34:50 sogod [25003]: |SOGo|   GOT: (null)

("junge-piraten" is the name of my fake user containing shared calendars.
I get related messages with "prauscher", which is the name of the
accessing user.)

My SOGoUserSources = (
    {
      type = ldap;
      CNFieldName = sn;
      UIDFieldName = cn;
      IDFieldName = cn;
      baseDN = "ou=Groups,o=Junge Piraten,c=DE";
      bindDN = "cn=sogo,o=Junge Piraten,c=DE";
      bindPassword = "xxxxxxxxx";
      canAuthenticate = YES;
      displayName = "Gruppen";
      hostname = ldap://storage:389;
      id = jupis_groups;
      isAddressBook = YES;
      SearchFieldNames = (cn,sn,mail);
    },
    {
      type = ldap;
      CNFieldName = cn;
      UIDFieldName = uid;
      IDFieldName = uid; // first field of the DN for direct binds
      baseDN = "ou=People,o=Junge Piraten,c=DE";
      bindDN = "cn=sogo,o=Junge Piraten,c=DE";
      bindPassword = "xxxxxxxx";
      canAuthenticate = YES;
      displayName = "Personen";
      hostname = ldap://storage:389;
      id = jupis_people;
      isAddressBook = YES;
      SearchFieldNames = (uid,cn,givenName,sn,mail);
    }
  );

As you may guess, all our groups are stored as
objectClass=groupOfNames,extensibleObject with a mail attribute. Users
are stored as inetOrgPerson. Our OpenLDAPd has the memberOf overlay
activated (and it works).

If I can provide more information, just tell me!

Thanks for your help,
prauscher

PS: When writing the group members individually to the ACL, everything
works. It is just the decomposing of the group.

-- 
This mail was not necessarily written by trained monkeys.
-- 
users@sogo.nu
https://inverse.ca/sogo/lists
