
comments break acls (ITS#1854)



Full_Name: Robert Flemming
Version: 2.0.23
OS: linux
URL: ftp://ftp.openldap.org/incoming/
Submission from: (NULL) (198.186.202.146)


If defining an ACL in which there are comments in the middle of it, slapd appears
to not read beyond them.  For example:

access to *
	by dn="cn=admin,dc=foo,dc=com" write
#	by dn=".*,dc=foo,dc=com" read
#	by * none
	by * read

Here is a snippet of the log file at debug level 128:

Jun  4 09:03:17 phillip slapd[15410]: <= check a_dn_pat: cn=admin,dc=foo,dc=com
Jun  4 09:03:17 phillip slapd[15410]: <= acl_mask: no more <who> clauses, returning =n (stop)
Jun  4 09:03:17 phillip slapd[15410]: => access_allowed: search access denied by =n

Notice the difference when changing the config file to:

access to *
	by dn="cn=admin,dc=foo,dc=com" write
	by * read

Jun  4 09:07:17 phillip slapd[28450]: <= check a_dn_pat: cn=admin,dc=foo,dc=com
Jun  4 09:07:17 phillip slapd[28450]: <= check a_dn_pat: *
Jun  4 09:07:17 phillip slapd[28450]: <= acl_mask: [5] applying read (=rscx) (stop)
Jun  4 09:07:17 phillip slapd[28450]: <= acl_mask: [5] mask: read (=rscx)
Jun  4 09:07:17 phillip slapd[28450]: => access_allowed: read access granted by read (=rscx)

Seems like a bug to me, but I could just be stupid.
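
A configuration check for the failure mode reported above, added here as an example and not part of the original report or of OpenLDAP: it flags `access` directives in which a `#` comment line is followed by further indented clauses, which per the report slapd 2.0.23 does not read. The function name, the sample configuration and the treatment of blank lines are assumptions.

```python
# Constructed sample: the first directive mirrors the ACL from the report,
# the second is a constructed directive with no comment inside it.
SAMPLE_CONF = (
    'access to *\n'
    '\tby dn="cn=admin,dc=foo,dc=com" write\n'
    '#\tby dn=".*,dc=foo,dc=com" read\n'
    '#\tby * none\n'
    '\tby * read\n'
    '\n'
    'access to attr=userPassword\n'
    '\tby self write\n'
    '\tby * auth\n'
    '# trailing comment, nothing indented follows\n'
)


def find_interrupted_acls(conf_text):
    """Return one finding per access directive that has indented clauses
    after a comment line: {'line', 'comment', 'unread': [(line_no, text)]}."""
    findings = []
    current = None  # state for the access directive being scanned, if any
    for no, line in enumerate(conf_text.splitlines(), start=1):
        if not line.strip():
            continue  # blank line: assumed not to change state
        if line.startswith('#'):  # comment in column one, as in the report
            if current is not None and current['comment'] is None:
                current['comment'] = no
        elif line[0] in ' \t':  # indented line continues the directive
            if current is not None and current['comment'] is not None:
                current['unread'].append((no, line.strip()))
        else:  # unindented line starts a new directive
            if current is not None and current['unread']:
                findings.append(current)
            is_acl = line.split()[0].lower() == 'access'
            current = {'line': no, 'comment': None, 'unread': []} if is_acl else None
    if current is not None and current['unread']:
        findings.append(current)
    return findings


if __name__ == '__main__':
    for f in find_interrupted_acls(SAMPLE_CONF):
        print(f"access directive at line {f['line']}: comment at line {f['comment']}")
        for no, clause in f['unread']:
            print(f"  line {no} may not be read: {clause}")
```
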