[Date Prev][Date Next]
[Chronological]
[Thread]
[Top]
Re: (ITS#7392) ACL a_dn.a_self is skipped in case of "acl_mask: to all values ..."
- To: openldap-its@OpenLDAP.org
- Subject: Re: (ITS#7392) ACL a_dn.a_self is skipped in case of "acl_mask: to all values ..."
- From: daniel@pluta.biz
- Date: Sun, 16 Sep 2012 07:22:44 GMT
- Auto-submitted: auto-generated (OpenLDAP-ITS)
Hi,
applying the patch linked below both previously mentioned operations
produce the following log
Operation 1: log level 128
==========================
505573f8 => access_allowed: delete access to
"cn=group,dc=example,dc=org" "owner" requested
505573f8 => dn: [1] dc=example,dc=org
505573f8 => dn: [2] dc=example,dc=org
505573f8 => acl_get: [2] matched
505573f8 => acl_get: [2] attr owner
505573f8 => acl_mask: access to entry "cn=group,dc=example,dc=org", attr
"owner" requested
505573f8 => acl_mask: to value by "uid=user,dc=example,dc=org", (=0)
505573f8 <= check a_dn_at: owner
505573f8 <= acl_mask: [1] applying read(=rscxd) (stop)
505573f8 <= acl_mask: [1] mask: read(=rscxd)
505573f8 => slap_access_allowed: delete access denied by read(=rscxd)
505573f8 => access_allowed: no more rules
505573f8 => access_allowed: result not in cache (owner)
Operation 2: log level 128
==========================
505573f8 => access_allowed: delete access to
"cn=group,dc=example,dc=org" "owner" requested
505573f8 => dn: [1] dc=example,dc=org
505573f8 => dn: [2] dc=example,dc=org
505573f8 => acl_get: [2] matched
505573f8 => acl_get: [2] attr owner
505573f8 => acl_mask: access to entry "cn=group,dc=example,dc=org", attr
"owner" requested
505573f8 => acl_mask: to all values by "uid=user,dc=example,dc=org", (=0)
505573f8 => acl_mask: to self, attr "owner"
505573f8 <= check a_dn_at: owner
505573f8 <= acl_mask: [1] applying read(=rscxd) (stop)
505573f8 <= acl_mask: [1] mask: read(=rscxd)
505573f8 => slap_access_allowed: delete access denied by read(=rscxd)
505573f8 => access_allowed: no more rules
ftp://ftp.openldap.org/incoming/Daniel-Pluta-120916.patch
DISCLAIMER: It's not heavyly tested. I don't know whether the patch
causes negative sideeffects elsewhere.