CUPS ldap group authentication not working
John A. Sullivan III
jsullivan at opensourcedevel.com
Sat Feb 13 08:33:39 PST 2010
> On Feb 13, 2010, at 1:58 AM, John A. Sullivan III wrote:
> > Hello, all. We're in the midst of building a multi-tenant CUPS =
> printing environment where we need very granular control over who can =
> print to what. All of the users and groups are held in a CentOS =
> Directory Server LDAP database.
> > ...
> > We would have thought we simply needed to do something like:
> >=20
> > <Location /admin>
> > Order allow,deny
> > Require group somegroup
> > Allow from 172.16.18.0/28
> > </Location>
> >=20
> > But, when users enter their credentials for the web admin interface, =
> their credentials are not accepted. If we change it to:
>
>
> Do you have local groups (in /etc/group) of the same name? If so, you =
> are running into STR #2967:
>
> http://www.cups.org/str.php?L2967
>
> Basically the getgrnam API does not coalesce local and LDAP groups, and =
> there is no API to enumerate all groups with the same name, so we're =
> going to have to come up with a way to cache group lookups for some =
> (short) amount of time to get good performance using getgrent...
><snip>
Thank you for such a swift reply. No, the groups are not duplicated. What should I look at next? Thanks - John
More information about the cups
mailing list