comments break acls (ITS#1854)
Full_Name: Robert Flemming
Version: 2.0.23
OS: linux
URL: ftp://ftp.openldap.org/incoming/
Submission from: (NULL) (198.186.202.146)
If an ACL is defined with comments in the middle of it, slapd appears not to
read beyond them. For example:
access to *
by dn="cn=admin,dc=foo,dc=com" write
# by dn=".*,dc=foo,dc=com" read
# by * none
by * read
Here is a snippet of the log file at debug level 128
Jun 4 09:03:17 phillip slapd[15410]: <= check a_dn_pat: cn=admin,dc=foo,dc=com
Jun 4 09:03:17 phillip slapd[15410]: <= acl_mask: no more <who> clauses, returning =n (stop)
Jun 4 09:03:17 phillip slapd[15410]: => access_allowed: search access denied by =n
Notice the difference when changing the config file to:
access to *
by dn="cn=admin,dc=foo,dc=com" write
by * read
Jun 4 09:07:17 phillip slapd[28450]: <= check a_dn_pat: cn=admin,dc=foo,dc=com
Jun 4 09:07:17 phillip slapd[28450]: <= check a_dn_pat: *
Jun 4 09:07:17 phillip slapd[28450]: <= acl_mask: [5] applying read (=rscx) (stop)
Jun 4 09:07:17 phillip slapd[28450]: <= acl_mask: [5] mask: read (=rscx)
Jun 4 09:07:17 phillip slapd[28450]: => access_allowed: read access granted by read (=rscx)
Seems like a bug to me, but I could just be stupid.
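
Added example, not part of the original report and not OpenLDAP code: a small Python check that flags "by" clauses following a comment inside an "access to" directive, which is the pattern the report describes slapd 2.0.23 as not reading past. The function name find_interrupted_acls, the sample strings, and the indentation of the continuation lines are assumptions made for illustration.

```python
import re

# Constructed sample: the two ACLs from the report. Indentation of the
# continuation lines is an assumption; the archived copy shows none.
BROKEN = """\
access to *
    by dn="cn=admin,dc=foo,dc=com" write
#   by dn=".*,dc=foo,dc=com" read
#   by * none
    by * read
"""
FIXED = """\
access to *
    by dn="cn=admin,dc=foo,dc=com" write
    by * read
"""

def find_interrupted_acls(text):
    """Flag 'by' clauses that follow a comment inside an 'access to' directive."""
    findings, acl_line, comments, current = [], None, [], None
    for no, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line:
            continue                        # blank lines are not judged here
        if line.startswith("#"):
            if acl_line is not None:
                comments.append(no)         # comment inside an open ACL
        elif re.match(r"access\s+to\b", line):
            acl_line, comments, current = no, [], None
        elif acl_line is not None and re.match(r"by\s", line):
            if comments and current is None:
                current = {"acl_line": acl_line,
                           "comment_lines": list(comments), "stranded": []}
                findings.append(current)
            if current is not None:         # every clause after the comment is at risk
                current["stranded"].append((no, line))
        else:
            acl_line, comments, current = None, [], None   # some other directive
    return findings

if __name__ == "__main__":
    for f in find_interrupted_acls(BROKEN):
        print(f"ACL at line {f['acl_line']}: comment(s) at {f['comment_lines']}")
        for no, clause in f["stranded"]:
            print(f"  line {no} may not be read: {clause}")
```
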