
(ITS#4599) Internal search results to access denied



Full_Name: John
Version: 2.3.24
OS: Linux 2.6.17
URL: ftp://ftp.openldap.org/incoming/
Submission from: (NULL) (195.177.120.251)


Hi!
Excuse me for my English.

Must an internal search pass the ACL check?


content of slapd.conf
...
loglevel 424
authz-regexp
    uid=(.*),cn=gssapi,cn=auth
    ldap:///ou=people,dc=example,dc=org??sub?(uid=$1)
...


Appropriate logs
...
Jun 27 13:50:45 main slapd[1752]: conn=3 op=3 BIND dn="" method=163 
Jun 27 13:50:45 main slapd[1752]: str2filter "(uid=user1)" 
Jun 27 13:50:45 main slapd[1752]: begin get_filter 
...
Jun 27 13:50:45 main slapd[1752]: => access_allowed: auth access to "uid=user1,ou=stuff,ou=mail,ou=people,dc=example,dc=org" "uid" requested
...
Jun 27 13:50:45 main slapd[1752]: => access_allowed: auth access denied by none(=0)
...
Jun 27 13:50:45 main slapd[1752]: conn=3 op=3 BIND authcid="user1" authzid="user1"
Jun 27 13:50:45 main slapd[1752]: conn=3 op=3 BIND dn="uid=user1,cn=gssapi,cn=auth" mech=GSSAPI ssf=56
Jun 27 13:50:45 main slapd[1752]: conn=3 op=3 RESULT tag=97 err=0 text= 
...


i.e. mapping "uid=user1,cn=gssapi,cn=auth" to
"uid=user1,ou=stuff,ou=mail,ou=people,dc=example,dc=org" by authz-regexp does
not work.
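
The following is an added example, not part of the original report and not OpenLDAP code: a Python sketch that expands the `authz-regexp` rule from the report into the internal search it implies, then pairs the denied `auth` check in the log with that search. The function names are hypothetical, Python's `re` stands in for slapd's regex matching, and the log lines are the report's own with wrapped lines rejoined.

```python
import re

# Rule and log lines copied from the report (log wrapping removed).
RULE_MATCH = r"uid=(.*),cn=gssapi,cn=auth"
RULE_REPLACE = "ldap:///ou=people,dc=example,dc=org??sub?(uid=$1)"
LOG = '''\
Jun 27 13:50:45 main slapd[1752]: str2filter "(uid=user1)"
Jun 27 13:50:45 main slapd[1752]: => access_allowed: auth access to "uid=user1,ou=stuff,ou=mail,ou=people,dc=example,dc=org" "uid" requested
Jun 27 13:50:45 main slapd[1752]: => access_allowed: auth access denied by none(=0)
Jun 27 13:50:45 main slapd[1752]: conn=3 op=3 BIND dn="uid=user1,cn=gssapi,cn=auth" mech=GSSAPI ssf=56
'''

CHECK = re.compile(r'access_allowed: (\w+) access to "([^"]+)" "([^"]+)" requested')
RESULT = re.compile(r'access_allowed: (\w+) access (granted|denied) by (\S+)')
BIND = re.compile(r'BIND dn="([^"]*)" mech=(\S+)')

def expand_rule(sasl_dn):
    """Apply the rule to a SASL DN; return (base, scope, filter) or None."""
    m = re.fullmatch(RULE_MATCH, sasl_dn, re.IGNORECASE)
    if not m:
        return None
    url = re.sub(r"\$(\d)", lambda g: m.group(int(g.group(1))), RULE_REPLACE)
    # LDAP URL layout: ldap://host/base?attrs?scope?filter
    base, _attrs, scope, flt = url.split("///", 1)[1].split("?", 3)
    return base, scope, flt

def triage(log):
    """Return (denied checks, final bind DN) found in a slapd log excerpt."""
    denied, pending, bind_dn = [], None, None
    for line in log.splitlines():
        if (m := CHECK.search(line)):
            pending = m.groups()              # (level, entry DN, attribute)
        elif (m := RESULT.search(line)):
            if m.group(2) == "denied" and pending:
                denied.append(pending + (m.group(3),))
            pending = None
        elif (m := BIND.search(line)):
            bind_dn = m.group(1)
    return denied, bind_dn

if __name__ == "__main__":
    sasl_dn = "uid=user1,cn=gssapi,cn=auth"
    base, scope, flt = expand_rule(sasl_dn)
    denied, bind_dn = triage(LOG)
    print(f"internal search: base={base} scope={scope} filter={flt}")
    for level, entry, attr, by in denied:
        inside = entry.lower().endswith(base.lower())
        print(f"denied: {level} on {attr!r} of {entry} by {by} (under base: {inside})")
    print("bind DN left unmapped:", bind_dn == sasl_dn)
```

Run against the report's lines, it shows the denied check is on the `uid` attribute of the entry the rule's search would have matched, and that the bind DN stays in its `cn=gssapi,cn=auth` form.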