[Date Prev][Date Next] [Chronological] [Thread] [Top]

Still Group access problems...

To: <openldap-software@OpenLDAP.org>
Subject: Still Group access problems...
From: "Koen Bosmans" <kbo@melexis.com>
Date: Tue, 7 Dec 1999 10:35:03 +0100
Organization: Elex - Melexis

Hi,

Since my last posting of the group access problems I had it seemed to work
OK, but I only tested it with read access. Now I tested it with ACL write
access and now I got a strange problem!!!
This is my only ACL for testing:

access to dn=".*,o=elex,c=be"
        by group="cn=administrators,o=elex,c=be"                write
        by *                                                    none

ldapsearch works for the administrators, ldapmodify also works but
ldapdelete and ldapadd don't work. And ldapmodify with -a option don't work
either

This is the group:

dn: cn=administrators,o=elex,c=be
objectclass: top
objectclass: groupOfNames
cn: administrators
description: Administrators of the domain
member: cn=Koen Bosmans,o=elex,c=be
member: cn=Peter Tillemans,o=elex,c=be
member: cn=Marc Collignon,o=elex,c=be


This is the access debug code I get when Adding or deleting:

=> access_allowed: entry (o=elex,c=BE) attr (children)

=> acl_get: entry (o=elex,c=BE) attr (children)
<= acl_get: no match

=> acl_access_allowed: write access to entry "o=elex,c=BE"

=> acl_access_allowed: write access to value "any" by "CN=KOEN
BOSMANS,O=ELEX,C=BE"
<= acl_access_allowed: denied by default (no matching to)

=> access_allowed: exit (o=elex,c=BE) attr (children)


Looks like he can't find a matching ACL for add, but why can he find an ACL
for search or modify????


Koen Bosmans

Follow-Ups:
- Re: Still Group access problems...
  - From: Emmanuel JEGOU <Emmanuel.Jegou@naonet.fr>

Prev by Date: Re: group access
Next by Date: Re: Still Group access problems...
Index(es):
- Chronological
- Thread