
Problems with ACL



Hello!

Sorry, I don't understand the access control result.

I want to: Make cn and mail world search- and readable, as I
hoped to define in line 26 (access to attr=cn,mail by self write
by * read). Everything else at least partly restricted.

I get the messages below. This means I don't get any result
when binding anonymously and searching for cn=*marian*.

Can anybody explain to me what happens and what I am doing
wrong?

Thanks a lot!

Marian



line 14 (defaultaccess none)
line 18 (access to attr=matrikelnr by self read by * none)
ACL: access to
 attrs=matrikelnr
        by dn=self
        by dn=.*

line 22 (access to attr=userpassword by self write by * none)
ACL: access to
 attrs=userpassword
        by dn=self
        by dn=.*

line 26 (access to attr=cn,mail by self write by * read)
ACL: access to
 attrs=cn,mail
        by dn=self
        by dn=.*

line 31 (access to * by self write by dn=".+" read by * none)
ACL: access to dn=.*
        by dn=self
        by dn=.+
        by dn=.*

line 37 (database       ldbm)
line 39 (suffix         "ou=Design, o=Fachhochschule Koeln,
c=DE")
line 41 (directory      /usr/local/ldap)
line 43 (index          cn,sn,givenname,uid)
line 45 (rootdn         "cn=root, ou=Design, o=Fachhochschule
Koeln, c=DE")
line 47 (rootpw         *****)
line 49 (updatedn       "cn=root, ou=Design, o=Fachhochschule
Koeln, c=DE")
slapd starting
conn=0 fd=7 connection from localhost (127.0.0.1) accepted.
conn=0 op=0 BIND dn="" method=128
conn=0 op=0 RESULT err=0 tag=97 nentries=0
conn=0 op=1 SRCH base="OU=DESIGN,O=FACHHOCHSCHULE KOELN,C=DE"
scope=2 filter="(cn=*MARIAN*)"

=> access_allowed: entry (uid=marian, ou=Design,
o=Fachhochschule Koeln, c=DE) attr (cn)

=> acl_get: entry (uid=marian, ou=Design, o=Fachhochschule
Koeln, c=DE) attr (cn)
<= acl_get: [3] global acl uid=marian, ou=Design,
o=Fachhochschule Koeln, c=DE attr: cn

=> acl_access_allowed: search access to entry "uid=marian,
ou=Design, o=Fachhochschule Koeln, c=DE"

=> acl_access_allowed: search access to value "any" by ""
<= acl_access_allowed: matched by clause #2 access granted

=> access_allowed: exit (uid=marian, ou=Design, o=Fachhochschule
Koeln, c=DE) attr (cn)

=> access_allowed: entry (uid=marian, ou=Design,
o=Fachhochschule Koeln, c=DE) attr (entry)

=> acl_get: entry (uid=marian, ou=Design, o=Fachhochschule
Koeln, c=DE) attr (entry)
<= acl_get: [4] global acl uid=marian, ou=Design,
o=Fachhochschule Koeln, c=DE attr: entry

=> acl_access_allowed: read access to entry "uid=marian,
ou=Design, o=Fachhochschule Koeln, c=DE"

=> acl_access_allowed: read access to value "any" by ""
<= acl_access_allowed: matched by clause #3 access denied

=> access_allowed: exit (uid=marian, ou=Design, o=Fachhochschule
Koeln, c=DE) attr (entry)
acl: access to entry not allowed
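
Added example, not part of the original post and not OpenLDAP code: a parser for the slapd output above that pairs each acl_get result with the clause decision that follows it, so the refused attribute (entry, ACL [4], clause #3 in this trace) is shown next to the rule text. It assumes the [n] index counts the "access to" directives in file order starting at 1; the function names are hypothetical.

```python
import re

# Excerpt of the slapd output in the post, still line-wrapped as it was mailed.
TRACE = '''\
line 18 (access to attr=matrikelnr by self read by * none)
line 22 (access to attr=userpassword by self write by * none)
line 26 (access to attr=cn,mail by self write by * read)
line 31 (access to * by self write by dn=".+" read by * none)
<= acl_get: [3] global acl uid=marian, ou=Design,
o=Fachhochschule Koeln, c=DE attr: cn
=> acl_access_allowed: search access to value "any" by ""
<= acl_access_allowed: matched by clause #2 access granted
<= acl_get: [4] global acl uid=marian, ou=Design,
o=Fachhochschule Koeln, c=DE attr: entry
=> acl_access_allowed: read access to value "any" by ""
<= acl_access_allowed: matched by clause #3 access denied
'''
STARTS = ("line ", "=> ", "<= ", "conn=", "acl:", "ACL:")

def unwrap(text):
    """Rejoin records that were wrapped onto a continuation line."""
    records = []
    for line in text.splitlines():
        if line.startswith(STARTS) or not records:
            records.append(line.strip())
        elif line.strip():
            records[-1] += " " + line.strip()
    return records

def acl_decisions(text):
    """One dict per 'matched by clause' decision, tied to its ACL and attribute."""
    rules, out, acl, attr, level, who = [], [], None, None, None, None
    for rec in unwrap(text):
        if m := re.match(r"line \d+ \((access to .*)\)$", rec):
            rules.append(m.group(1))
        elif m := re.match(r"<= acl_get: \[(\d+)\] .* attr: (\S+)$", rec):
            acl, attr = int(m.group(1)), m.group(2)
        elif m := re.match(r'=> acl_access_allowed: (\w+) access to value ".*" by "(.*)"$', rec):
            level, who = m.group(1), m.group(2) or "(anonymous)"
        elif m := re.match(r"<= acl_access_allowed: matched by clause #(\d+) access (\w+)$", rec):
            # Assumption: [n] from acl_get is the n-th "access to" directive, from 1.
            rule = rules[acl - 1] if acl and acl <= len(rules) else None
            out.append({"attr": attr, "level": level, "who": who, "acl": acl,
                        "clause": int(m.group(1)), "result": m.group(2), "rule": rule})
    return out

def denials(text):
    """Decisions that refused access: the ACL and clause to look at first."""
    return [d for d in acl_decisions(text) if d["result"] == "denied"]
```

Calling denials() on a full trace lists every refused attribute, including pseudo-attributes such as entry that do not appear in the search filter.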