Re: [phpGroupWare-users] Strangness with phpgw and ldap...
From: Benoit Hamet
Subject: Re: [phpGroupWare-users] Strangness with phpgw and ldap...
Date: Thu, 22 Feb 2007 15:45:46 +0100
User-agent: IceDove 1.5.0.9 (X11/20061220)

Hi Marco,

Marco Gaiarin wrote:
> [another installation of PHPGW, totally unrelated to the sitemgr
> trouble exposed on past email, please don't mix this email! ;)]
>
>
> Ok, phpgw internally uses the same number space for users and groups, so
> there's no way to have a user and a group with the same UID.
>
> OK, as an attempt to fix this design flaw/behaviour, in the LDAP schema
> the phpgwAccountID/phpgwGroupID: fields were added, so we can use
> different IDs for POSIX and phpgw.
>
>
> I've recently added phpgw to an existing LDAP/Samba installation,
> imported users and groups and found that there's no way to properly set
> ACLs, because user ACLs override groups and group ACLs override users, even
> if I've set phpgwAccountID=uidNumber+10000 to prevent ID clashes.
> Also, memberships are taken into account using the POSIX ID, not the phpgw ID.
>
>
> The only usefulness of phpgwAccountID/phpgwGroupID seems to be that the user
> can log in (if I set phpgwAccountID=POSIX ID=some other group ID the user
> cannot log in at all), but after that ACLs and group memberships are a
> mess.
>
>
> Right? Can I do something about that?

Well, not sure it can be THE solution, but if I give you a patch which
uses group membership using the LDAP system and not ACL, could that help?

Note that due to some "old applications" not relying on the
account->memberships function but doing it directly with ACL, this patch
could not be safe. And since I don't have the time (yet) to write a
migration script, I hope that your accounts are ok.

I hope to be clear :)

Regards,
Caeies.