[Date Prev][Date Next] [Chronological] [Thread] [Top]

ssfs in acls not working

To: openldap-bugs@OpenLDAP.org
Subject: ssfs in acls not working
From: Michael Weiser <michael@weiser.saale-net.de>
Date: Tue, 5 Sep 2000 14:43:36 +0200 (CEST)
Cc: Michael Weiser <michael@weiser.saale-net.de>

Hi again,

I don't know whether this is really a bug or I'm just too stupid, but ssfs
in acls don't work for me. If I put something like this in my slapd.conf

access to  
dn="cn=.*,o=org,c=de" filter=(objectClass=person) attr=userPassword
    by dn="cn=Manager,o=org,c=de" ssf=112 write
    by self ssf=112 =w
    by * ssf=112 =x

and then connect via ldaps I just get an insufficient permissions
error. For now I worked around it using

access to
dn="cn=.*,o=org,c=de" filter=(objectClass=person) attr=userPassword
    by dn="cn=Manager,o=org,c=de" sockurl="ldaps://.*" write
    by self sockurl="ldaps://.*" =w
    by * sockurl="ldaps://.*" =x

I put some debug statements in the acl code and saw that the
connection's ssf is set to 168 on connect but when the acl's ssf
gets compared with the operation's ssf in acl_mask it's just 0 and
therefore denies access. Unfortunately I don't know the code enough to
see the relation between connections' and operations' ssfs.

Thanks in advance.
-- 
bye, Micha

Prev by Date: staiblity problems on soloaris2.6b ?
Next by Date: -H not in usage text of client tools (ITS#710)
Index(es):
- Chronological
- Thread