RE: (ITS#5805) Problem when modifying access control
OK, my mistake, here follows a completely detailed description.
* I have a slapd.conf as follows
-----------------begin slapd.conf
include schema/core.schema
include schema/cosine.schema
include schema/inetorgperson.schema
pidfile slapd.pid
argsfile slapd.args
access to * attrs=userPassword
    by self write
    by anonymous auth
    by * none
access to dn=cn=manager,c=fr
    by self write
    by * none
access to *
    by self write
    by users read
    by anonymous read
    by * none
database bdb
suffix "c=fr"
rootdn "cn=manager,c=fr"
cachesize 20000
checkpoint 10000 10
directory db
index objectClass,entryCSN,entryUUID eq
index cn,sn eq,sub
-----------------end slapd.conf
* I convert this slapd.conf to a configdb:
slapd -f slapd.conf -F configdb
* I stop slapd.
* I create the initial database with the following LDIF file:
-----------------begin initial database
dn: c=fr
objectClass: country
c: fr

dn: cn=manager,c=fr
objectClass: person
cn: manager
sn: manager
userPassword:: c2VjcmV0

dn: cn=user,c=fr
objectClass: person
cn: user
sn: user
userPassword:: dXNlcg==

dn: cn=user2,c=fr
objectClass: person
cn: user2
sn: user2
userPassword:: dXNlcjI=
-----------------end initial database
slapadd -f configdb -l initialdatabase.ldif
* I edit the olcDatabase={0}config.ldif file to replace olcRootDN: cn=config with
olcRootDN: cn=manager,c=fr
* I start slapd
slapd -d 256 -F configdb
* I try to bind:
ldapsearch.exe -x -D cn=manager,c=fr -w secret -s base -b "" objectclass=* +
It works fine.
* I perform the ldap modifications with this LDIF file:
-----------------begin LDAP modifications
dn: olcDatabase={-1}frontend,cn=config
changetype: modify
replace: olcAccess
olcAccess: {0}to attrs=userPassword by self write by anonymous auth by * none
olcAccess: {1}to dn=cn=manager,c=fr by self write by * none
olcAccess: {2}to * by self write by users read by anonymous read by * none

dn: olcDatabase={0}config,cn=config
changetype: modify
replace: olcAccess
olcAccess: {0}to * by * none
-----------------end LDAP modifications
ldapmodify -x -D cn=manager,c=fr -w secret -f LDAPmodifications.ldif
* I try to bind:
ldapsearch.exe -x -D cn=manager,c=fr -w secret -s base -b "" objectclass=* +
I get:
ldap_bind: Invalid credentials (49)
* I stop slapd
I get:
filter_free: unknown filter type=19008
filter_free: unknown filter type=13304
slapd stopped.
filter_free: unknown filter type=13744
filter_free: unknown filter type=1264
filter_free: unknown filter type=13744
filter_free: unknown filter type=1264
and slapd crashes.
* I restart slapd
* I try to bind:
ldapsearch.exe -x -D cn=manager,c=fr -w secret -s base -b "" objectclass=* +
It works fine.