[Date Prev][Date Next] [Chronological] [Thread] [Top]

ITS#3276



I did some more testing with openldap-2.2.14 and 2.2.15. on several
servers with identical data and slapd.conf. Here some debugging output


,----[ successful 2.2.14 ]
| bdb_entry_get: rc=0
| => access_allowed: auth access to "cn=admanager,o=avci,c=de" "saslAuthzTo" requested
| => dnpat: [2] ^cn=Mailinglisten,cn=([^,]+),ou=Partner,o=avci,c=de$ nsub: 1
| => dnpat: [3] ^[^,]+,cn=Mailinglisten,cn=([^,]+),ou=partner,o=avci,c=de$ nsub: 1
| => dnpat: [4] ^cn=([^,]+),ou=Partner,o=avci,c=de$ nsub: 1
| => dn: [5] ou=adressbuch,o=avci,c=de
| => dn: [6] ou=benchmark,o=avci,c=de
| => dn: [7] o=avci,c=de
| => acl_get: [7] matched
| => acl_get: [7] attr saslAuthzTo
| access_allowed: no res from state (saslAuthzTo)
| => acl_mask: access to entry "cn=admanager,o=avci,c=de", attr "saslAuthzTo" requested
| => acl_mask: to all values by "cn=admanager,o=avci,c=de", (=n) 
| => bdb_entry_get: ndn: "cn=administratoren,o=avci,c=de"
| => bdb_entry_get: oc: "groupOfNames", at: "member"
| bdb_dn2entry("cn=administratoren,o=avci,c=de")
| => bdb_entry_get: found entry: "cn=administratoren,o=avci,c=de"
| bdb_entry_get: rc=0
| dnMatch 1
|         "cn=benchmark,o=avci,c=de"
|         "cn=admanager,o=avci,c=de"
| dnMatch 17
|         "cn=dieter kluenter,ou=partner,o=avci,c=de"
|         "cn=admanager,o=avci,c=de"
| dnMatch 0
|         "cn=admanager,o=avci,c=de"
|         "cn=admanager,o=avci,c=de"
| <= acl_mask: [1] applying write(=wrscx) (stop)
| <= acl_mask: [1] mask: write(=wrscx)
| => access_allowed: auth access granted by write(=wrscx)
`----

,----[ error with 2.2.15 ]
| => bdb_entry_get: found entry: "cn=admanager,o=avci,c=de"
| bdb_entry_get: rc=0
| => access_allowed: auth access to "cn=admanager,o=avci,c=de" "saslAuthzTo" requested
| => dnpat: [2] ^cn=Mailinglisten,cn=([^,]+),ou=Partner,o=avci,c=de$ nsub: 1
| => dnpat: [3] ^[^,]+,cn=Mailinglisten,cn=([^,]+),ou=partner,o=avci,c=de$ nsub: 1
| => dnpat: [4] ^cn=([^,]+),ou=Partner,o=avci,c=de$ nsub: 1
| => dn: [5] ou=adressbuch,o=avci,c=de
| => dn: [6] ou=benchmark,o=avci,c=de
| => dn: [7] o=avci,c=de
| => acl_get: [7] matched
| => acl_get: [7] attr saslAuthzTo
| access_allowed: no res from state (saslAuthzTo)
| => acl_mask: access to entry "cn=admanager,o=avci,c=de", attr "saslAuthzTo" requested
| => acl_mask: to all values by "cn=admanager,o=avci,c=de", (=n) 
| => bdb_entry_get: ndn: "cn=administratoren,o=avci,c=de"
| => bdb_entry_get: oc: "groupOfNames", at: "member"
`----

-Dieter

-- 
Dieter Klünter | Systemberatung
Tel.: +49.40.64861967
Fax : +49.40.64891521
http://www.avci.de