CUPS has the ability to authorise people based upon group membership by using a configuration directive similar to 'Require group lpadmin'. However, if a group is defined both in '/etc/group' and in LDAP, CUPS will only use the first instance. The cause of this problem is that the 'getgrnam()' system call only returns one entry, even though multiple entries may fit the search criterion. Iterating through the entries returned by 'getgrent()' allows the program to verify against all groups. I have attached a patch that changes the authorisation code. I have also submitted the patch upstream (http://cups.org/str.php?L2967).
Created attachment 167880 [details, diff] Change group authorisation logic to use iterative getgrent() calls instead of getgrnam()
Created attachment 167884 [details, diff] Patches the ebuild to include new group authorisation patch.
Thanks for taking this upstream, resolving as upstream (even though that means we've to wait for >=cups-1.5 for this to happen).
