[Date Prev][Date Next] [Chronological] [Thread] [Top]

ACL problems: (was: objectIdentifierMatch)

To: Quanah Gibson-Mount <quanah@stanford.edu>
Subject: ACL problems: (was: objectIdentifierMatch)
From: "Kurt D. Zeilenga" <Kurt@OpenLDAP.org>
Date: Wed, 25 Sep 2002 20:03:13 -0700
Cc: Howard Chu <hyc@symas.com>, openldap-bugs@OpenLDAP.org
In-reply-to: <92736588.1032968032@cadabra.Stanford.EDU>
References: <NMEFLNHODBAOPDKNNJALGECDDOAA.hyc@symas.com> <NMEFLNHODBAOPDKNNJALGECDDOAA.hyc@symas.com>

Changed the subject as this has nothing to do with the
objectIdentifierMatch issue previously reported.

As far as debugging your problem, I suggest you examine
logs to determine what's going here.  Enabling ACL logging
would likely be particular informative.

The only curious thing I see in your post is your comment:
>I am a member of both ldapadmin, and supervisor.  Still,
>with this setup, I cannot bind as either of them

This implies you are not authenticating as yourself but as
  cn=supervisor,cn=applications,dc=stanford,dc=edu
or
  cn=ldapadmin,cn=applications,dc=stanford,dc=edu

Or maybe you are authenticating as yourself and assuming
one of these identities.

If either of DNs is your authorization DN and its not
a member of group, then it has only "auth" access.

That is, a group is not a member of the group unless
it's explicitly listed as a member of the group.

Presently, this sounds more like a software use issue than
a software bug.

Kurt

Follow-Ups:
- Re: ACL problems: (was: objectIdentifierMatch)
  - From: Quanah Gibson-Mount <quanah@stanford.edu>

References:
- RE: objectIdentifierMatch (ITS#2095)
  - From: "Howard Chu" <hyc@symas.com>
- RE: objectIdentifierMatch (ITS#2095)
  - From: Quanah Gibson-Mount <quanah@stanford.edu>

Prev by Date: Re: OpenLDAP seems to ignore UNBIND (ITS#2112)
Next by Date: (ITS#2112)
Index(es):
- Chronological
- Thread