ACL's again...

Eww, following up on own posting!

I figured out the problem ... appears that + is a special character in 
the regex and makes slapd do weird things internally.  Perhaps it's a
bug?  I can't say since I haven't managed to find any proper
documentation on ACLs and regexes as they apply to slapd.

I changed the access line to read:

access to dn="userID=.*[+]hostName=(.*)[+]domainName=(.*),ou=emailUser,dc=linux-delhi,dc=org"

...and now it seems to be working fine.

Thanks for your time,

-- Raju

>>>>> "Raj" == Raj Mathur <raju@sgi.com> writes:

    Raj> Hi, I have this weird problem, where I add an ACL and the
    Raj> server goes into a hang (or atleast a sleep) whenever it
    Raj> tries to process a record which matches that ACL.  In my
    Raj> slapd.conf given below, slapd (1.2.7) freezes whenever it
    Raj> reaches a record which matches the ``ou=emailUser'' ACL.  It
    Raj> seems to process records matching the other ACL's just fine.

    Raj> (BTW, tips on improving this slapd.conf would be
    Raj> appreciated).  The system is the RedHat OpenLDAP RPM
    Raj> installed on a more-or-less standard RedHat Linux 6.1 system.

    Raj> include /etc/openldap/slapd.at.conf
    Raj> include /etc/openldap/slapd.oc.conf
    Raj> # schemacheck on
    Raj> # referral ldap://ldap.itd.umich.edu
    Raj>
    Raj> # ldbm definition for the U-M database
    Raj> database ldbm
    Raj> cachesize 4
    Raj> suffix "O=SGI, C=IN"
    Raj> suffix "dc=linux-delhi,dc=org"
    Raj> directory /var/tmp/ldap
    Raj> rootdn "CN=Manager, DC=linux-delhi, DC=org"
    Raj> rootpw secret
    Raj> defaultaccess read
    Raj> lastmod on
    Raj> #
    Raj> # ACL's for VishwaKarma
    Raj> #
    Raj> access to dn="domainName=(.*),ou=virtualDomain,dc=linux-delhi,dc=org"
    Raj>   by self write
    Raj>   by domain=localhost read
    Raj>   by * none
    Raj> access to dn="hostName=.*+domainName=(.*),ou=virtualHost,dc=linux-delhi,dc=org"
    Raj>   by self write
    Raj>   by dn="domainName=$0,ou=virtualDomain,dc=linux-delhi,dc=org" write
    Raj>   by domain=localhost read
    Raj>   by * none
    Raj> access to dn="userID=.*+hostName=(.*)+domainName=(.*),ou=emailUser,dc=linux-delhi,dc=org"
    Raj>   by self write
    Raj>   by dn="hostName=$1+domainName=$2,ou=virtualHost,dc=linux-delhi,dc=org" write
    Raj>   by dn="domainName=$2,ou=virtualDomain,dc=linux-delhi,dc=org" write
    Raj>   by domain=localhost read
    Raj>   by * none
    Raj> access to * by * read

    Raj> Regards,

    Raj> -- Raju
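The fix at the top of this post (writing the multi-valued RDN separator as [+] instead of a bare +) can be checked outside slapd. The script below is an added example, not code from the post or from OpenLDAP: it runs the original and the corrected "access to dn=" patterns through Python's re module rather than the POSIX regex engine slapd uses, against a constructed sample DN whose attribute names come from the post but whose values are made up. It also expands the $1/$2 references of the "by dn=" clause the way the third ACL uses them (treating $0 as the whole matched DN is this example's assumption) and flags any + that sits outside a bracket expression, which is the mistake the post describes.

```python
import re

# Constructed sample entry DN of the shape the emailUser ACL targets;
# attribute names are from the post, the values are invented for this example.
SAMPLE_DN = ("userID=raju+hostName=mail+domainName=linux-delhi.org,"
             "ou=emailUser,dc=linux-delhi,dc=org")

# The two 'access to dn=' patterns from the post: the original, where '+'
# is read as a regex quantifier, and the corrected one, where [+] is literal.
BROKEN_PATTERN = (r"userID=.*+hostName=(.*)+domainName=(.*),"
                  r"ou=emailUser,dc=linux-delhi,dc=org")
FIXED_PATTERN = (r"userID=.*[+]hostName=(.*)[+]domainName=(.*),"
                 r"ou=emailUser,dc=linux-delhi,dc=org")

# The 'by dn=' template of the post's third ACL.
VIRTUALHOST_TEMPLATE = ("hostName=$1+domainName=$2,ou=virtualHost,"
                        "dc=linux-delhi,dc=org")


def match_dn(pattern, dn):
    """Match the whole DN against an ACL regex.

    Returns the tuple of capture groups on success and None when the pattern
    does not match.  A pattern the engine refuses to compile is reported as
    None as well: Python < 3.11 rejects '.*+' as a doubled quantifier, while
    3.11+ reads it as a possessive star that never hands characters back, so
    'hostName=' after it can never match.  Either way the rule is dead.
    """
    try:
        m = re.fullmatch(pattern, dn)
    except re.error:
        return None
    return m.groups() if m else None


def expand_who(template, dn, groups):
    """Expand $0..$9 in a 'by dn=' clause.

    Assumption for this example: $1..$9 are the capture groups of the
    'access to dn=' regex and $0 is the whole matched DN.
    """
    def repl(m):
        n = int(m.group(1))
        if n == 0:
            return dn
        if n > len(groups):
            raise ValueError(f"${n} has no capture group")
        return groups[n - 1]
    return re.sub(r"\$(\d)", repl, template)


def unescaped_metachars(pattern, chars="+"):
    """Lint helper: positions of the given characters that are neither
    inside a bracket expression nor backslash-escaped, i.e. the ones a regex
    engine treats as operators rather than as literal RDN separators."""
    hits = []
    in_bracket = False
    i = 0
    while i < len(pattern):
        c = pattern[i]
        if c == "\\":
            i += 2              # skip the escaped character
            continue
        if in_bracket:
            if c == "]":
                in_bracket = False
        elif c == "[":
            in_bracket = True
        elif c in chars:
            hits.append(i)
        i += 1
    return hits


if __name__ == "__main__":
    print("broken :", match_dn(BROKEN_PATTERN, SAMPLE_DN))
    groups = match_dn(FIXED_PATTERN, SAMPLE_DN)
    print("fixed  :", groups)
    print("by dn= :", expand_who(VIRTUALHOST_TEMPLATE, SAMPLE_DN, groups))
    print("bare '+' in broken pattern at:", unescaped_metachars(BROKEN_PATTERN))
```

The lint is worth keeping around because of how slapd evaluates its access directives: the first "access to" whose target matches an entry is the one that applies. A target regex that never matches does not raise an error, it simply lets the entry fall through to a later rule, and in the slapd.conf quoted below that later rule is "access to * by * read".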