Re: acl's being ignored?
At 12:39 AM 4/2/00 -0500, felix k sheng wrote:
>Hello all,
>
>I've just started trying to use OpenLDAP, but I've been having some
>issues with ACLs. In particular, openldap seems to be ignoring
>what I'm trying to tell it - I've pored over the list archives and
>the SLAPD Admin Guide to no avail.. I'm sure I'm doing something
>very obviously silly, but I can't seem to pinpoint it. I've
>compiled this fresh for an essentially Red Hat 5.x linux box.
>
>Boiled down, my slapd.conf contains these lines:
>
>defaultaccess none
>
>access to dn=".*"
> by * none
As this ACL applies to all entries, no further ACLs will be
evaluated.
>
>At various times it contained only the defaultaccess none line and
>at other times it had some other more specific lines in it. But
>no matter what I do, if I try and connect anonymously I can always
>see everything.
>
>At first I had attempted to cut access to certain attrs like so:
>
>access to attr=mail
> by self write
> by * none
>
>and various iterations like that, but no matter what, I could always
>get everything anonymously.
>
>Giving slapd a -d128 option, I get these lines, which seem relevant:
>
>ACL: access to dn=.*
> by dn=.*
>
>slapd starting
>
>[snip]
>
>=> acl_get: entry (cn=Someone New5, ou=Group, o=Foo, c=US) attr (objectclass)
><= acl_get: no match
>
>=> acl_access_allowed: search access to entry "cn=Someone New5, ou=Group, o=Foo, c=US"
>
>=> acl_access_allowed: search access to value "PERSON" by ""
><= acl_access_allowed: granted by default (no matching to)
>
>=> access_allowed: exit (cn=Someone New5, ou=Group, o=Foo, c=US) attr (objectclass)
>
>
>What am I doing wrong? Can I provide any other information?
>
>Thanks for any help!
>
>felix
>
>--
>felix sheng ... felix@deasil.com
>
>PGP: <http://wwwkeys.us.pgp.net:11371/pks/lookup?op=get&search=0x2CA84A01>
>
>
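To make the ordering point in the reply concrete, here is an added example (not part of the original thread and not OpenLDAP's own code): a small Python model of the documented slapd.conf ACL semantics, where the first `access to` clause whose target matches the entry and attribute is the only one consulted, and within it the first matching `by` clause decides; a clause with no matching `by` denies, and no matching clause at all falls back to the default (`none`, as in the post). It understands only the `*`, `dn="regex"` and `attr=` targets and the `*`, `self`, `anonymous` and `dn="regex"` subjects, and it does not model global versus per-database ACL placement. Both slapd.conf fragments are constructed for the example; the entry DN is the one from the debug output above.

```python
"""Toy model of slapd.conf ACL evaluation: the first matching 'access to' wins."""
import re

# Access levels in OpenLDAP 1.x order; a level grants itself and everything below it.
LEVELS = ["none", "compare", "search", "read", "write"]


def parse_acls(conf):
    """Parse 'access to <what>' / 'by <who> <level>' lines into a list of dicts."""
    acls = []
    for raw in conf.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        if line.startswith("access to"):
            what = line[len("access to"):].strip()
            dn_m = re.search(r'dn="([^"]*)"', what)
            attr_m = re.search(r"attr=(\S+)", what)
            acls.append({
                "what": what,
                "dn": dn_m.group(1) if dn_m else None,  # regex over the entry DN
                "attrs": set(attr_m.group(1).split(",")) if attr_m else None,
                "by": [],
            })
        elif line.startswith("by "):
            who, level = line[3:].rsplit(None, 1)
            acls[-1]["by"].append((who, level))
        else:
            raise ValueError("unrecognised line: " + raw)
    return acls


def who_matches(who, requester_dn, entry_dn):
    """Does the <who> part of a 'by' clause apply to this requester? ('' = anonymous)"""
    if who == "*":
        return True
    if who == "anonymous":
        return requester_dn == ""
    if who == "self":
        return requester_dn != "" and requester_dn.lower() == entry_dn.lower()
    m = re.fullmatch(r'dn="([^"]*)"', who)
    if m:
        return re.search(m.group(1), requester_dn) is not None
    raise ValueError("unsupported <who>: " + who)


def evaluate(acls, entry_dn, attr, requester_dn, wanted, default="none"):
    """Return (allowed, index of the clause that decided; None means the default applied)."""
    for i, acl in enumerate(acls):
        # Targets use unanchored regex matching, like regexec() in slapd.
        if acl["dn"] is not None and re.search(acl["dn"], entry_dn) is None:
            continue
        if acl["attrs"] is not None and attr not in acl["attrs"]:
            continue
        # This clause matched the target: it is the only one consulted.
        for who, level in acl["by"]:
            if who_matches(who, requester_dn, entry_dn):
                return LEVELS.index(level) >= LEVELS.index(wanted), i
        return False, i  # no 'by' matched: implicit 'by * none'
    return LEVELS.index(default) >= LEVELS.index(wanted), None


ENTRY = "cn=Someone New5,ou=Group,o=Foo,c=US"  # entry DN from the debug output above

# Constructed: the ordering from the post, catch-all first. The mail rule is dead code.
CATCH_ALL_FIRST = """
access to dn=".*"
        by * none

access to attr=mail
        by self write
        by * none
"""

# Constructed: specific attribute rule first, catch-all last.
SPECIFIC_FIRST = """
access to attr=mail
        by self write
        by * none

access to *
        by self write
        by * read
"""


def demo():
    """Evaluate the same requests against both orderings."""
    bad = parse_acls(CATCH_ALL_FIRST)
    good = parse_acls(SPECIFIC_FIRST)
    return {
        "self_write_mail_bad": evaluate(bad, ENTRY, "mail", ENTRY, "write"),
        "self_write_mail_good": evaluate(good, ENTRY, "mail", ENTRY, "write"),
        "anon_read_mail_good": evaluate(good, ENTRY, "mail", "", "read"),
        "anon_read_objectclass_good": evaluate(good, ENTRY, "objectclass", "", "read"),
    }


if __name__ == "__main__":
    for name, result in demo().items():
        print(f"{name}: allowed={result[0]} decided_by_clause={result[1]}")
```

With the catch-all first, the owner's write to `mail` is decided by clause 0 (`dn=".*" by * none`) and the `attr=mail` clause is never reached; with the specific clause first, the owner gets write, anonymous still gets nothing on `mail`, and the final `access to *` handles everything else. The model deliberately stops at ordering; it says nothing about why the real server in the post reported `granted by default (no matching to)`.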