[Date Prev][Date Next]
[Chronological]
[Thread]
[Top]
Re: ssfs in acls not working
Fixed, please test, thanks.
At 02:43 PM 9/5/00 +0200, Michael Weiser wrote:
>Hi again,
>
>I don't know whether this is really a bug or I'm just too stupid, but ssfs
>in acls don't work for me. If I put something like this in my slapd.conf
>
>access to
>dn="cn=.*,o=org,c=de" filter=(objectClass=person) attr=userPassword
> by dn="cn=Manager,o=org,c=de" ssf=112 write
> by self ssf=112 =w
> by * ssf=112 =x
>
>and then connect via ldaps I just get an insufficient permissions
>error. For now I worked around it using
>
>access to
>dn="cn=.*,o=org,c=de" filter=(objectClass=person) attr=userPassword
> by dn="cn=Manager,o=org,c=de" sockurl="ldaps://.*" write
> by self sockurl="ldaps://.*" =w
> by * sockurl="ldaps://.*" =x
>
>I put some debug statements in the acl code and saw that the
>connection's ssf is set to 168 on connect but when the acl's ssf
>gets compared with the operation's ssf in acl_mask it's just 0 and
>therefore denies access. Unfortunately I don't know the code enough to
>see the relation between connections' and operations' ssfs.
>
>Thanks in advance.
>--
>bye, Micha