[Date Prev][Date Next] [Chronological] [Thread] [Top]
problem with authenticated base search for objectclass=* by netscape

To: openldap-software@OpenLDAP.org
Subject: problem with authenticated base search for objectclass=* by netscape
From: Patrick Timmons <ptimmons@courriel.polymtl.ca>
Date: Thu, 13 Jul 2000 18:10:37 -0400
Organization: Ecole Polytechnique de Montreal
Hi.

I'm running openldap 1.2.9 on a Linux 2.2.13 slackware. I'm trying to 
use Netscape's address book to  browse an entry in my ldap db. Netscape 
finds the entry but can't browse it. Why isn't this working ? What am I 
missing ?

TIA

Patrick.

Here is the acl file:

-------8<--------
defaultaccess                                                           none

access to *
        attrs=mail
        by dn=".*,ou=personnel,o=polymtl.ca"                            read
        by *                                                            search

access to *
        attrs=entry
        by *                                                            read

access to *
        by dn=".*,ou=personnel,o=polymtl.ca"                            read
-------8<--------

Here is the '-d 152' trace of slapd:

-------8<--------
ACL: access to dn=.*
 attrs=mail
        by dn=.*,OU=PERSONNEL,O=POLYMTL.CA
        by dn=.*

ACL: access to dn=.*
 attrs=entry
        by dn=.*

ACL: access to dn=.*
        by dn=.*,OU=PERSONNEL,O=POLYMTL.CA

slapd starting
listening for connections on 6, activity on:
before select active_threads 0
select activity on 1 descriptors
new connection on 7
activity on:
listening for connections on 6, activity on: 7r
before select active_threads 0
select activity on 1 descriptors
activity on: 7r
read activity on 7
ber_get_next
ber_get_next: tag 0x30 len 65 contents:
ber_dump: buf 0x80852c8, ptr 0x80852c8, end 0x8085309
          current len 65, contents:
        02 01 01  `  < 02 01 02 04  .  c  n  =  P  a  t
         r  i  c  k 20  T  i  m  m  o  n  s  , 20  o  u
         =  p  e  r  s  o  n  n  e  l  , 20  o  =  p  o
         l  y  m  t  l  .  c  a 80 07  h  i  t  h  e  r
         e 
listening for connections on 6, activity on: 7r
before select active_threads 1
ber_flush: 14 bytes to sd 7
         0 0c 02 01 01  a 07 0a 01 00 04 00 04 00 
select activity on 1 descriptors
activity on: 7r
read activity on 7
ber_get_next
ber_get_next: tag 0x30 len 156 contents:
ber_dump: buf 0x80852c8, ptr 0x80852c8, end 0x8085364
          current len 156, contents:
        02 01 02  c 81 96 04 0c  o  =  p  o  l  y  m  t
         l  .  c  a 0a 01 02 0a 01 00 02 01  d 02 01 00
        01 01 00 a1  ; a4 11 04 02  c  n  0 0b 80 09  g
         r  a  n  d  m  e  r  e a4 13 04 04  m  a  i  l
         0 0b 80 09  g  r  a  n  d  m  e  r  e a4 11 04
        02  s  n  0 0b 80 09  g  r  a  n  d  m  e  r  e
         0  : 04 02  c  n 04 04  m  a  i  l 04 01  o 04
        0f  t  e  l  e  p  h  o  n  e  n  u  m  b  e  r
        04 01  l 04 08  n  i  c  k  n  a  m  e 04 02  s
         n 04 09  g  i  v  e  n  n  a  m  e 
listening for connections on 6, activity on: 7r
before select active_threads 1

=> access_allowed: entry (polyuniqueid=aaaaa, ou=etudiants, o=polymtl.ca) attr (cn)

=> acl_get: entry (polyuniqueid=aaaaa, ou=etudiants, o=polymtl.ca) attr (cn)
<= acl_get: [3] backend acl polyuniqueid=aaaaa, ou=etudiants, o=polymtl.ca attr: cn

=> acl_access_allowed: search access to entry "polyuniqueid=aaaaa, ou=etudiants, o=polymtl.ca"

=> acl_access_allowed: search access to value "any" by "CN=PATRICK TIMMONS,OU=PERSONNEL,O=POLYMTL.CA"
<= acl_access_allowed: matched by clause #1 access granted

=> access_allowed: exit (polyuniqueid=aaaaa, ou=etudiants, o=polymtl.ca) attr (cn)

=> access_allowed: entry (polyuniqueid=aaaaa, ou=etudiants, o=polymtl.ca) attr (mail)

=> acl_get: entry (polyuniqueid=aaaaa, ou=etudiants, o=polymtl.ca) attr (mail)
<= acl_get: [1] backend acl polyuniqueid=aaaaa, ou=etudiants, o=polymtl.ca attr: mail

=> acl_access_allowed: search access to entry "polyuniqueid=aaaaa, ou=etudiants, o=polymtl.ca"

=> acl_access_allowed: search access to value "any" by "CN=PATRICK TIMMONS,OU=PERSONNEL,O=POLYMTL.CA"
<= acl_access_allowed: matched by clause #1 access granted

=> access_allowed: exit (polyuniqueid=aaaaa, ou=etudiants, o=polymtl.ca) attr (mail)

=> access_allowed: entry (polyuniqueid=aaaaa, ou=etudiants, o=polymtl.ca) attr (sn)

=> acl_get: entry (polyuniqueid=aaaaa, ou=etudiants, o=polymtl.ca) attr (sn)
<= acl_get: [3] backend acl polyuniqueid=aaaaa, ou=etudiants, o=polymtl.ca attr: sn

=> acl_access_allowed: search access to entry "polyuniqueid=aaaaa, ou=etudiants, o=polymtl.ca"

=> acl_access_allowed: search access to value "any" by "CN=PATRICK TIMMONS,OU=PERSONNEL,O=POLYMTL.CA"
<= acl_access_allowed: matched by clause #1 access granted

=> access_allowed: exit (polyuniqueid=aaaaa, ou=etudiants, o=polymtl.ca) attr (sn)

=> access_allowed: entry (polyuniqueid=aaaaa, ou=etudiants, o=polymtl.ca) attr (entry)

=> acl_get: entry (polyuniqueid=aaaaa, ou=etudiants, o=polymtl.ca) attr (entry)
<= acl_get: [2] backend acl polyuniqueid=aaaaa, ou=etudiants, o=polymtl.ca attr: entry

=> acl_access_allowed: read access to entry "polyuniqueid=aaaaa, ou=etudiants, o=polymtl.ca"

=> acl_access_allowed: read access to value "any" by "CN=PATRICK TIMMONS,OU=PERSONNEL,O=POLYMTL.CA"
<= acl_access_allowed: matched by clause #1 access granted

=> access_allowed: exit (polyuniqueid=aaaaa, ou=etudiants, o=polymtl.ca) attr (entry)

=> acl_get: entry (polyuniqueid=aaaaa, ou=etudiants, o=polymtl.ca) attr (cn)
<= acl_get: [3] backend acl polyuniqueid=aaaaa, ou=etudiants, o=polymtl.ca attr: cn

=> acl_access_allowed: read access to entry "polyuniqueid=aaaaa, ou=etudiants, o=polymtl.ca"

=> acl_access_allowed: read access to value "any" by "CN=PATRICK TIMMONS,OU=PERSONNEL,O=POLYMTL.CA"
<= acl_access_allowed: matched by clause #1 access granted

=> acl_get: entry (polyuniqueid=aaaaa, ou=etudiants, o=polymtl.ca) attr (givenname)
<= acl_get: [3] backend acl polyuniqueid=aaaaa, ou=etudiants, o=polymtl.ca attr: givenname

=> acl_access_allowed: read access to entry "polyuniqueid=aaaaa, ou=etudiants, o=polymtl.ca"

=> acl_access_allowed: read access to value "any" by "CN=PATRICK TIMMONS,OU=PERSONNEL,O=POLYMTL.CA"
<= acl_access_allowed: matched by clause #1 access granted

=> acl_get: entry (polyuniqueid=aaaaa, ou=etudiants, o=polymtl.ca) attr (sn)
<= acl_get: [3] backend acl polyuniqueid=aaaaa, ou=etudiants, o=polymtl.ca attr: sn

=> acl_access_allowed: read access to entry "polyuniqueid=aaaaa, ou=etudiants, o=polymtl.ca"

=> acl_access_allowed: read access to value "any" by "CN=PATRICK TIMMONS,OU=PERSONNEL,O=POLYMTL.CA"
<= acl_access_allowed: matched by clause #1 access granted

=> acl_get: entry (polyuniqueid=aaaaa, ou=etudiants, o=polymtl.ca) attr (mail)
<= acl_get: [1] backend acl polyuniqueid=aaaaa, ou=etudiants, o=polymtl.ca attr: mail

=> acl_access_allowed: read access to entry "polyuniqueid=aaaaa, ou=etudiants, o=polymtl.ca"

=> acl_access_allowed: read access to value "any" by "CN=PATRICK TIMMONS,OU=PERSONNEL,O=POLYMTL.CA"
<= acl_access_allowed: matched by clause #1 access granted
ber_flush: 166 bytes to sd 7
         0 81 a3 02 01 02  d 81 9d 04  .  p  o  l  y  u
         n  i  q  u  e  i  d  =  a  a  a  a  a  , 20  o
         u  =  e  t  u  d  i  a  n  t  s  , 20  o  =  p
         o  l  y  m  t  l  .  c  a  0  k  0 18 04 02  c
         n  1 12 04 10  C  o  u  c  o  u 20  G  r  a  n
         d  m  e  r  e  0 15 04 09  g  i  v  e  n  n  a
         m  e  1 08 04 06  C  o  u  c  o  u  0 11 04 02
         s  n  1 0b 04 09  G  r  a  n  d  m  e  r  e  0
         % 04 04  m  a  i  l  1 1d 04 1b  c  o  u  c  o
         u  .  g  r  a  n  d  m  e  r  e  @  p  o  l  y
         m  t  l  .  c  a 
ber_flush: 14 bytes to sd 7
         0 0c 02 01 02  e 07 0a 01 00 04 00 04 00 
select activity on 1 descriptors
activity on: 7r
read activity on 7
ber_get_next
ber_get_next: tag 0x30 len 5 contents:
ber_dump: buf 0x80853c8, ptr 0x80853c8, end 0x80853cd
          current len 5, contents:
        02 01 03  B 00 
listening for connections on 6, activity on: 7r
before select active_threads 1
select activity on 1 descriptors
new connection on 7
activity on:
listening for connections on 6, activity on: 7r
before select active_threads 0
select activity on 1 descriptors
activity on: 7r
read activity on 7
ber_get_next
ber_get_next: tag 0x30 len 65 contents:
ber_dump: buf 0x8082390, ptr 0x8082390, end 0x80823d1
          current len 65, contents:
        02 01 01  `  < 02 01 02 04  .  c  n  =  P  a  t
         r  i  c  k 20  T  i  m  m  o  n  s  , 20  o  u
         =  p  e  r  s  o  n  n  e  l  , 20  o  =  p  o
         l  y  m  t  l  .  c  a 80 07  h  i  t  h  e  r
         e 
listening for connections on 6, activity on: 7r
before select active_threads 1
ber_flush: 14 bytes to sd 7
         0 0c 02 01 01  a 07 0a 01 00 04 00 04 00 
select activity on 1 descriptors
activity on: 7r
read activity on 7
ber_get_next
ber_get_next: tag 0x30 len 156 contents:
ber_dump: buf 0x80852c8, ptr 0x80852c8, end 0x8085364
          current len 156, contents:
        02 01 02  c 81 96 04 0c  o  =  p  o  l  y  m  t
         l  .  c  a 0a 01 02 0a 01 00 02 01  d 02 01 00
        01 01 00 a1  ; a4 11 04 02  c  n  0 0b 80 09  g
         r  a  n  d  m  e  r  e a4 13 04 04  m  a  i  l
         0 0b 80 09  g  r  a  n  d  m  e  r  e a4 11 04
        02  s  n  0 0b 80 09  g  r  a  n  d  m  e  r  e
         0  : 04 02  c  n 04 04  m  a  i  l 04 01  o 04
        0f  t  e  l  e  p  h  o  n  e  n  u  m  b  e  r
        04 01  l 04 08  n  i  c  k  n  a  m  e 04 02  s
         n 04 09  g  i  v  e  n  n  a  m  e 
listening for connections on 6, activity on: 7r
before select active_threads 1

=> access_allowed: entry (polyuniqueid=aaaaa, ou=etudiants, o=polymtl.ca) attr (cn)

=> acl_get: entry (polyuniqueid=aaaaa, ou=etudiants, o=polymtl.ca) attr (cn)
<= acl_get: [3] backend acl polyuniqueid=aaaaa, ou=etudiants, o=polymtl.ca attr: cn

=> acl_access_allowed: search access to entry "polyuniqueid=aaaaa, ou=etudiants, o=polymtl.ca"

=> acl_access_allowed: search access to value "any" by "CN=PATRICK TIMMONS,OU=PERSONNEL,O=POLYMTL.CA"
<= acl_access_allowed: matched by clause #1 access granted

=> access_allowed: exit (polyuniqueid=aaaaa, ou=etudiants, o=polymtl.ca) attr (cn)

=> access_allowed: entry (polyuniqueid=aaaaa, ou=etudiants, o=polymtl.ca) attr (mail)

=> acl_get: entry (polyuniqueid=aaaaa, ou=etudiants, o=polymtl.ca) attr (mail)
<= acl_get: [1] backend acl polyuniqueid=aaaaa, ou=etudiants, o=polymtl.ca attr: mail

=> acl_access_allowed: search access to entry "polyuniqueid=aaaaa, ou=etudiants, o=polymtl.ca"

=> acl_access_allowed: search access to value "any" by "CN=PATRICK TIMMONS,OU=PERSONNEL,O=POLYMTL.CA"
<= acl_access_allowed: matched by clause #1 access granted

=> access_allowed: exit (polyuniqueid=aaaaa, ou=etudiants, o=polymtl.ca) attr (mail)

=> access_allowed: entry (polyuniqueid=aaaaa, ou=etudiants, o=polymtl.ca) attr (sn)

=> acl_get: entry (polyuniqueid=aaaaa, ou=etudiants, o=polymtl.ca) attr (sn)
<= acl_get: [3] backend acl polyuniqueid=aaaaa, ou=etudiants, o=polymtl.ca attr: sn

=> acl_access_allowed: search access to entry "polyuniqueid=aaaaa, ou=etudiants, o=polymtl.ca"

=> acl_access_allowed: search access to value "any" by "CN=PATRICK TIMMONS,OU=PERSONNEL,O=POLYMTL.CA"
<= acl_access_allowed: matched by clause #1 access granted

=> access_allowed: exit (polyuniqueid=aaaaa, ou=etudiants, o=polymtl.ca) attr (sn)

=> access_allowed: entry (polyuniqueid=aaaaa, ou=etudiants, o=polymtl.ca) attr (entry)

=> acl_get: entry (polyuniqueid=aaaaa, ou=etudiants, o=polymtl.ca) attr (entry)
<= acl_get: [2] backend acl polyuniqueid=aaaaa, ou=etudiants, o=polymtl.ca attr: entry

=> acl_access_allowed: read access to entry "polyuniqueid=aaaaa, ou=etudiants, o=polymtl.ca"

=> acl_access_allowed: read access to value "any" by "CN=PATRICK TIMMONS,OU=PERSONNEL,O=POLYMTL.CA"
<= acl_access_allowed: matched by clause #1 access granted

=> access_allowed: exit (polyuniqueid=aaaaa, ou=etudiants, o=polymtl.ca) attr (entry)

=> acl_get: entry (polyuniqueid=aaaaa, ou=etudiants, o=polymtl.ca) attr (cn)
<= acl_get: [3] backend acl polyuniqueid=aaaaa, ou=etudiants, o=polymtl.ca attr: cn

=> acl_access_allowed: read access to entry "polyuniqueid=aaaaa, ou=etudiants, o=polymtl.ca"

=> acl_access_allowed: read access to value "any" by "CN=PATRICK TIMMONS,OU=PERSONNEL,O=POLYMTL.CA"
<= acl_access_allowed: matched by clause #1 access granted

=> acl_get: entry (polyuniqueid=aaaaa, ou=etudiants, o=polymtl.ca) attr (givenname)
<= acl_get: [3] backend acl polyuniqueid=aaaaa, ou=etudiants, o=polymtl.ca attr: givenname

=> acl_access_allowed: read access to entry "polyuniqueid=aaaaa, ou=etudiants, o=polymtl.ca"

=> acl_access_allowed: read access to value "any" by "CN=PATRICK TIMMONS,OU=PERSONNEL,O=POLYMTL.CA"
<= acl_access_allowed: matched by clause #1 access granted

=> acl_get: entry (polyuniqueid=aaaaa, ou=etudiants, o=polymtl.ca) attr (sn)
<= acl_get: [3] backend acl polyuniqueid=aaaaa, ou=etudiants, o=polymtl.ca attr: sn

=> acl_access_allowed: read access to entry "polyuniqueid=aaaaa, ou=etudiants, o=polymtl.ca"

=> acl_access_allowed: read access to value "any" by "CN=PATRICK TIMMONS,OU=PERSONNEL,O=POLYMTL.CA"
<= acl_access_allowed: matched by clause #1 access granted

=> acl_get: entry (polyuniqueid=aaaaa, ou=etudiants, o=polymtl.ca) attr (mail)
<= acl_get: [1] backend acl polyuniqueid=aaaaa, ou=etudiants, o=polymtl.ca attr: mail

=> acl_access_allowed: read access to entry "polyuniqueid=aaaaa, ou=etudiants, o=polymtl.ca"

=> acl_access_allowed: read access to value "any" by "CN=PATRICK TIMMONS,OU=PERSONNEL,O=POLYMTL.CA"
<= acl_access_allowed: matched by clause #1 access granted
ber_flush: 166 bytes to sd 7
         0 81 a3 02 01 02  d 81 9d 04  .  p  o  l  y  u
         n  i  q  u  e  i  d  =  a  a  a  a  a  , 20  o
         u  =  e  t  u  d  i  a  n  t  s  , 20  o  =  p
         o  l  y  m  t  l  .  c  a  0  k  0 18 04 02  c
         n  1 12 04 10  C  o  u  c  o  u 20  G  r  a  n
         d  m  e  r  e  0 15 04 09  g  i  v  e  n  n  a
         m  e  1 08 04 06  C  o  u  c  o  u  0 11 04 02
         s  n  1 0b 04 09  G  r  a  n  d  m  e  r  e  0
         % 04 04  m  a  i  l  1 1d 04 1b  c  o  u  c  o
         u  .  g  r  a  n  d  m  e  r  e  @  p  o  l  y
         m  t  l  .  c  a 
ber_flush: 14 bytes to sd 7
         0 0c 02 01 02  e 07 0a 01 00 04 00 04 00 
select activity on 1 descriptors
activity on: 7r
read activity on 7
ber_get_next
ber_get_next: tag 0x30 len 5 contents:
ber_dump: buf 0x8082390, ptr 0x8082390, end 0x8082395
          current len 5, contents:
        02 01 03  B 00 
listening for connections on 6, activity on: 7r
before select active_threads 1
select activity on 1 descriptors
new connection on 7
activity on:
listening for connections on 6, activity on: 7r
before select active_threads 0
select activity on 1 descriptors
activity on: 7r
read activity on 7
ber_get_next
ber_get_next: tag 0x30 len 65 contents:
ber_dump: buf 0x8086d18, ptr 0x8086d18, end 0x8086d59
          current len 65, contents:
        02 01 01  `  < 02 01 02 04  .  c  n  =  P  a  t
         r  i  c  k 20  T  i  m  m  o  n  s  , 20  o  u
         =  p  e  r  s  o  n  n  e  l  , 20  o  =  p  o
         l  y  m  t  l  .  c  a 80 07  h  i  t  h  e  r
         e 
listening for connections on 6, activity on: 7r
before select active_threads 1
select activity on 1 descriptors
activity on: 7r
read activity on 7
ber_get_next
ber_get_next: tag 0x30 len 83 contents:
ber_dump: buf 0x8085338, ptr 0x8085338, end 0x808538b
          current len 83, contents:
        02 01 02  c  N 04  .  p  o  l  y  u  n  i  q  u
         e  i  d  =  a  a  a  a  a  , 20  o  u  =  e  t
         u  d  i  a  n  t  s  , 20  o  =  p  o  l  y  m
         t  l  .  c  a 0a 01 00 0a 01 00 02 01 00 02 01
        00 01 01 00 87 0b  o  b  j  e  c  t  c  l  a  s
         s  0 00 
ber_flush: 14 bytes to sd 7
         0 0c 02 01 01  a 07 0a 01 00 04 00 04 00 
listening for connections on 6, activity on: 7r
before select active_threads 1

=> access_allowed: entry (polyuniqueid=aaaaa, ou=etudiants, o=polymtl.ca) attr (objectclass)

=> acl_get: entry (polyuniqueid=aaaaa, ou=etudiants, o=polymtl.ca) attr (objectclass)
<= acl_get: [3] backend acl polyuniqueid=aaaaa, ou=etudiants, o=polymtl.ca attr: objectclass

=> acl_access_allowed: search access to entry "polyuniqueid=aaaaa, ou=etudiants, o=polymtl.ca"

=> acl_access_allowed: search access to value "any" by ""
<= acl_access_allowed: denied by default (no matching by)

=> access_allowed: exit (polyuniqueid=aaaaa, ou=etudiants, o=polymtl.ca) attr (objectclass)
ber_flush: 14 bytes to sd 7
         0 0c 02 01 02  e 07 0a 01 00 04 00 04 00 
select activity on 1 descriptors
activity on: 7r
read activity on 7
ber_get_next
ber_get_next: tag 0x30 len 5 contents:
ber_dump: buf 0x8086d48, ptr 0x8086d48, end 0x8086d4d
          current len 5, contents:
        02 01 03  B 00 
listening for connections on 6, activity on: 7r
before select active_threads 1
select activity on 1 descriptors
activity on: 7r
read activity on 7
ber_get_next
listening for connections on 6, activity on:
before select active_threads 1
select failed errno 4 (Interrupted system call)
slapd shutting down - waiting for 0 threads to terminate
slapd stopping
-------8<--------

-- 
P.Timmons, service informatique
Follow-Ups:
- Re: problem with authenticated base search for objectclass=* by netscape
  - From: Patrick Timmons <ptimmons@courriel.polymtl.ca>
Prev by Date: Re: squid_ldap_auth authentication script
Next by Date: Re: slapd hang once a day (fwd)
Index(es):
- Chronological
- Thread