[Date Prev][Date Next]
[Chronological]
[Thread]
[Top]
Re: (ITS#4253) val.regex broken
--On Thursday, December 08, 2005 9:16 AM -0800 Quanah Gibson-Mount
<quanah@stanford.edu> wrote:
>
>
> --On Thursday, December 08, 2005 5:13 PM +0000 openldap-its@OpenLDAP.org
> wrote:
>
> And to note, if I change the ACL to not have any val.regex, I get all
> values of suprivilegegroup back, so there is definitely something wrong
> with val.regex.
Okay, I've isolated the behavior further.
I have a list of val.regex accesses to suprivilegegroup:
access to dn.children="cn=people,dc=stanford,dc=edu" attrs=suPrivilegeGroup
val.regex="^securemail:.+"
by
dn.base="cn=voltage,cn=service,cn=applications,dc=stanford,dc=edu"
sasl_ssf=56 read
by * break
access to dn.children="cn=people,dc=stanford,dc=edu" attrs=suPrivilegeGroup
val.regex="^itss-smarts:.+"
by
dn.base="cn=smarts,cn=service,cn=applications,dc=stanford,dc=edu"
sasl_ssf=56 read
by group.base="cn=smarts,cn=applications,dc=stanford,dc=edu"
sasl_ssf=56 read
by * break
access to dn.children="cn=people,dc=stanford,dc=edu" attrs=suPrivilegeGroup
val.regex="^maps:.+"
by
dn.base="cn=bonair,cn=webauth,cn=applications,dc=stanford,dc=edu"
sasl_ssf=56 read
by * break
access to dn.children="cn=people,dc=stanford,dc=edu" attrs=suPrivilegeGroup
val.regex="^facops:.+"
by
dn.base="cn=bonair,cn=webauth,cn=applications,dc=stanford,dc=edu"
sasl_ssf=56 read
by * break
access to dn.children="cn=people,dc=stanford,dc=edu" attrs=suPrivilegeGroup
val.regex="^stanford:.+"
by
group.base="cn=WebAuthPrivileged,cn=applications,dc=stanford,dc=edu"
sasl_ssf=56 read
by
group.base="cn=WebAuthGeneral,cn=applications,dc=stanford,dc=edu"
sasl_ssf=56 read
by * break
access to dn.children="cn=people,dc=stanford,dc=edu" attrs=suPrivilegeGroup
val.regex="^~jlavigne:.+"
by
dn.base="cn=dept-sul-library,cn=cgi,cn=applications,dc=stanford,dc=edu"
sasl_ssf=56 read
by * break
access to dn.children="cn=people,dc=stanford,dc=edu" attrs=suPrivilegeGroup
val.regex="^med-irt:.+"
by
dn.base="cn=irt-web-01,cn=webauth,cn=applications,dc=stanford,dc=edu"
sasl_ssf=56 read
by * break
access to dn.children="cn=people,dc=stanford,dc=edu" attrs=suPrivilegeGroup
val.regex="^med-publish:.+"
by
dn.base="cn=irt-web-01,cn=webauth,cn=applications,dc=stanford,dc=edu"
sasl_ssf=56 read
by * break
Which ever of these is the *first* item in the list never works. The rest
of the regex's are applied correctly. So there is something broken in what
is generating the list of these to be evaluated.
--Quanah
--
Quanah Gibson-Mount
Principal Software Developer
ITSS/Shared Services
Stanford University
GnuPG Public Key: http://www.stanford.edu/~quanah/pgp.html