[Date Prev][Date Next]
[Chronological]
[Thread]
[Top]
Re: access control broken (ITS#4019)
Why should the second rule get caught when there are
ou: beer
ou: cider
and not make it to the break? The filters when I do the ldapsearch
work as expected.
The user DN is not meant to match the DN in the <who>. The DN in the
<who> is matched against the bind dn...
I made it long to give a good demonstration of the problem.
Stu.
On 10/09/2005, at 14:01, Pierangelo Masarati wrote:
> Anyway, I think it works as intended. In fact, the second rule in
> your post
> gets caught when checking the object that contains both "cider" and
> "beer" and
> since the user DN does not match the DN in the <who>, control
> doesn't even get
> to the break, so the third rule is never checked. I suspect you
> need to add a
> "by * none break" at the end of each rule to get the behavior you
> expect, much
> like you did in the first rule.
>
> p.
>
> PS: I suggest you try to keep your reports a bit shorter and
> focused on the
> issue; I nearly consumed the page-up/down buttons trying to keep
> track of what
> you're saying.
>
--
Dr Stuart Midgley
sdm900@gmail.com