[Date Prev][Date Next]
[Chronological]
[Thread]
[Top]
Re: (ITS#3780) val.regex with attributes doesn't honor searches
--On Monday, June 20, 2005 9:04 PM -0700 Quanah Gibson-Mount
<quanah@stanford.edu> wrote:
>
>
> --On Thursday, June 16, 2005 8:20 PM +0200 Pierangelo Masarati
> <ando@sys-net.it> wrote:
>
>>
>>> Full_Name: Quanah Gibson-Mount
>>> Version: 2.2.26
>>> OS: Solaris 8
>>> URL: ftp://ftp.openldap.org/incoming/
>>> Submission from: (NULL) (171.64.19.82)
>>>
>>>
>>> I have the following ACL:
>>>
>>> access to dn.children="cn=people,dc=stanford,dc=edu"
>>> attrs=suPrivilegeGroup
>>> val.regex="^itss-smarts:.+"
>>
>> val.regex has undergone some changes between 2.2.26 and 2.2.27
>> (ITS#3700); can you reproduce the problem with the latest 2.2?)
>>
>> I've set up a similar configuration and I couldn't. In case it persist,
>> can you prepare a working example with standard schema?
>
> Hi Pierangelo,
>
> It works correctly in 2.2.27, much to my surprise. :)
My mistake, it does *not* work right in 2.2.27 either. I used the wrong
search identity the first time (I used my global one).
The only way I can get this to work right in 2.2 is to have two acl's, like
this:
access to dn.children="cn=people,dc=stanford,dc=edu" attrs=suPrivilegeGroup
val.regex="^itss-smarts:.+"
by dn.base="cn=smarts,cn=service,cn=applications,dc=stanford,dc=edu"
sasl_ssf=56 read
by * break
access to dn.children="cn=people,dc=stanford,dc=edu" attrs=suPrivilegeGroup
by dn.base="cn=smarts,cn=service,cn=applications,dc=stanford,dc=edu"
sasl_ssf=56 search
by * break
--Quanah
--
Quanah Gibson-Mount
Principal Software Developer
ITSS/Shared Services
Stanford University
GnuPG Public Key: http://www.stanford.edu/~quanah/pgp.html
"These censorship operations against schools and libraries are stronger
than ever in the present religio-political climate. They often focus on
fantasy and sf books, which foster that deadly enemy to bigotry and blind
faith, the imagination." -- Ursula K. Le Guin