I'm working on implementing 1.630 right now, but I've hit a bit of a snag. When I create a new Webmin user, I assign them to a Webmin group, and all is well. When I move that user to a new Webmin group, the new group's ACL gets written to the user's record in LDAP, because there was no user-level ACL present for the module the group ACL references. The problem occurs when I try to change the user's group again: The new group's ACL isn't written to the user's record, apparently because a user-level ACL already exists. Then, because there is a user-level ACL present for the module, the new group's ACL isn't applied to the user.
I have to use LDAP for the Webmin user records, because this is getting set up in a hot/hot failover evironment. I'd also like - if possible - to avoid modifying any of the core Webmin scripts so that I can stay within the update stream. I know I can fix this behavior by removing the lines in the script which write the ACL to the user record, but I would really prefer not to so as to reduce future headaches with updating. Is there any other way to make Webmin either not write the ACL to the user record or give precedence to the group ACL?
Log in to post a comment.