Re: ACL's using group access do not work (ITS#2118)

[Quanah Gibson-Mount <quanah@stanford.edu>]

Kurt,

I haven't heard anything back on this from you in a bit, but I've got more 
exciting debugging pieces of information. ;)

So (see output below),

When it is going through looking at whether or not suRegID is a member of 
the group supervisor, it is doing an OID validate? Why?  Should it care 
about the OID of suRegID?  Also, the "oid" it is validating appears to be 
my suRegID number.  Is this then a problem with the schema definition of 
suRegID?

attributetype ( 1.3.6.1.4.1.299.11.1.1 NAME ( 'suRegID' )
	EQUALITY objectIdentifierMatch
	SYNTAX 1.3.6.1.4.1.1466.155.121.1.38 SINGLE-VALUE)


Oct  7 15:01:55 ldap2.Stanford.EDU slapd[23561]: [ID 114958 local4.debug] 
> > > dnNormalize: 
<suRegID=85e49978f61311d2ae662436000baa77,cn=people,dc=stanford,dc=edu>
Oct  7 15:01:55 ldap2.Stanford.EDU slapd[23561]: [ID 974938 local4.debug] 
normal else: validf set to ssyn_validate.
Oct  7 15:01:55 ldap2.Stanford.EDU slapd[23561]: [ID 348223 local4.debug] 
ad cname: <suRegID>
Oct  7 15:01:55 ldap2.Stanford.EDU slapd[23561]: [ID 473945 local4.debug] 
LDAPDN_rewrite2: validf = <\235\343\277\2201>
Oct  7 15:01:55 ldap2.Stanford.EDU slapd[23561]: [ID 731083 local4.debug] 
LDAPDN_rewrite2: sat cname = <suRegID>
Oct  7 15:01:55 ldap2.Stanford.EDU slapd[23561]: [ID 429923 local4.debug] 
QUANAH: oidValidate
Oct  7 15:01:55 ldap2.Stanford.EDU slapd[23561]: [ID 487737 local4.debug] 
QUANAH: oidValidate: bv_val of 0 is 8
Oct  7 15:01:55 ldap2.Stanford.EDU slapd[23561]: [ID 487965 local4.debug] 
QUANAH: oidValidate: bv_val of i is e
Oct  7 15:01:55 ldap2.Stanford.EDU slapd[23561]: [ID 439323 local4.debug] 
QUANAH: oidValidate: OID_LEADCHAR1
Oct  7 15:01:55 ldap2.Stanford.EDU slapd[23561]: [ID 350067 local4.debug] 
LDAPDN_rewrite2: rc = "21"
Oct  7 15:01:55 ldap2.Stanford.EDU slapd[23561]: [ID 141248 local4.debug] 
LDAPDN_rewrite2: Returning invalid_SYNTAX.
Oct  7 15:01:55 ldap2.Stanford.EDU slapd[23561]: [ID 928770 local4.debug] 
====> Inside DN Normalization 2, returning invalid syntax.
Oct  7 15:01:55 ldap2.Stanford.EDU slapd[23561]: [ID 233264 local4.debug] 
====> value_find_ex: rc="21"
Oct  7 15:01:55 ldap2.Stanford.EDU slapd[23561]: [ID 604206 local4.debug] 
====> Did NOT GET LDAP_SUCCESS.
Oct  7 15:01:55 ldap2.Stanford.EDU slapd[23561]: [ID 631365 local4.debug] 
<= bdb_group: 
"suRegID=85e49978f61311d2ae662436000baa77,cn=people,dc=stanford,dc=edu" not 
in "cn=supervisor,cn=applications,dc=stanford,dc=edu": member

--Quanah

--
Quanah Gibson-Mount
Senior Systems Administrator
ITSS/TSS/Computing Systems
Stanford University
GnuPG Public Key: http://www.stanford.edu/~quanah/pgp.html