[Date Prev][Date Next]
[Chronological]
[Thread]
[Top]
Re: Problems resolving multi-valued attributes with acl directives (ITS#3269)
I haven't tried; we're building the OpenLDAP slapd daemon for Windows
ourselves and I haen't had the time to try building with the latest and
greatest.
Bill Woody
Principle Software Developer
Symantec Corporation
Office:
310-449-5424
Interoffice:
6 [310] 5424
Email:
bill_woody@symantec.com
owner-openldap-bugs@OpenLDAP.org wrote on 08/05/2004 10:20:38 PM:
> bill_woody@symantec.com wrote:
>
> > Full_Name: William Edward Woody
> > Version: 2.2.8
> > OS: Win32
> > URL: ftp://ftp.openldap.org/incoming/
> > Submission from: (NULL) (198.6.50.155)
> >
> >
> > I encountered a problem with entries with multi-valued attributes,
> where not all
> > of the values were being returned in v2.2.8 of OpenLDAP slapd.
> >
> > When an entry is marked as having read access only to a group, reading
the
> > objectClass attribute with 'cn=root' (full root privileges) will
return all
> > objectClass attribute values. However, if one logs in using the access
> > privileges of a member in the group, only the first objectClass
attribute is
> > returned.
> >
> > I narrowed down the problem to the state caching used while resolving
ACL
> > instructions. In servers/slapd/acl.c, the AccessControlState
> object appears to
> > store the last resolved ACL item in the slapd.conf block access
> control list,
> > and stores nothing with respect to the openLDAPaci attribute. Now
> we've defined
> > our access control block to rely on openLDAPaci:
>
> There was a recent change to ACL caching and OpenLDAPaci, does this
> problem still occur for you in the current release (2.2.25)?
>
> --
> -- Howard Chu
> Chief Architect, Symas Corp. Director, Highland Sun
> http://www.symas.com http://highlandsun.com/hyc
> Symas: Premier OpenSource Development and Support
>
>