2.0.6 and acl
hi,
i still have some problems with acl's and openldap-2.0.6.
ldapsearch -D 'cn=admin,ou=corp,o=test' -w ...
produces the following debug messages:
8<---logfile---
=> access_allowed: auth access to "cn=admin,ou=corp,o=test" "userPassword" requested
=> dn: [1] OU=CORP,O=TEST
=> acl_get: [1] matched
=> acl_get: [1] check attr userPassword
<= acl_get: [1] acl cn=admin,ou=corp,o=test attr: userPassword
=> acl_mask: access to entry "cn=admin,ou=corp,o=test", attr "userPassword" requested
=> acl_mask: to all values by "", (=n)
<= check a_dn_pat: cn=admin,ou=corp,o=test
<= check a_dn_pat: self
<= acl_mask: no more <who> clauses, returning =n (stop)
=> access_allowed: auth access denied by =n
8<---logfile---
... looks like acl_mask() checks the right section and the corresponding
entries inside the section
8< -----slapd.conf
access to dn.child="ou=corp,o=test"
by dn.regex="cn=test,ou=corp,o=test" write
by self read
8< -----slapd.conf
but the regex doesn't match the dn!
as far as i can see, the op->o_ndn isn't set so it can't match at all.
is there any failure in the config? (i'm still looking for the corresponding
documentation, the admin-guide doesn't tell anything about target-style,
subject-style or controls :-(
any hints?
thanx
michael
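
The check traced in the log above, as an added example that is not part of the original post and not OpenLDAP's code: a simplified Python model of how the `<who>` clauses are walked for the `auth` check on userPassword. It assumes the requester DN is empty while the bind is in progress (the log's `by ""`), treats the `access to` target as already matched (as the log reports), and the `by anonymous auth` variant is constructed for comparison.

```python
import re

# Access levels in ascending order, as used by slapd ACLs.
LEVELS = ["none", "auth", "compare", "search", "read", "write"]

def who_matches(who, requester_dn, entry_dn):
    """Simplified model of one <who> clause; requester_dn is "" for anonymous."""
    if who == "*":
        return True
    if who == "anonymous":
        return requester_dn == ""
    if requester_dn == "":
        # No bound identity yet: "self", "users" and DN patterns cannot match.
        return False
    if who == "users":
        return True
    if who == "self":
        return requester_dn.lower() == entry_dn.lower()
    if who.startswith("dn.regex="):
        pattern = who[len("dn.regex="):].strip('"')
        # Unanchored search, like a POSIX regex without ^ and $.
        return re.search(pattern, requester_dn, re.IGNORECASE) is not None
    raise ValueError(f"unsupported <who> clause in this model: {who}")

def access_allowed(by_clauses, requester_dn, entry_dn, wanted):
    """First matching <who> clause decides; no match means access is denied."""
    for who, granted in by_clauses:
        if who_matches(who, requester_dn, entry_dn):
            return LEVELS.index(granted) >= LEVELS.index(wanted)
    return False

ENTRY = "cn=admin,ou=corp,o=test"

# The <who> clauses the debug log reports being checked (a DN pattern, then self).
AS_LOGGED = [('dn.regex="cn=admin,ou=corp,o=test"', "write"), ("self", "read")]

# Constructed variant: the same clauses plus an explicit "by anonymous auth".
WITH_ANON_AUTH = AS_LOGGED + [("anonymous", "auth")]

def bind_check(by_clauses):
    # During a simple bind the requester is still anonymous, hence the "" DN.
    return access_allowed(by_clauses, "", ENTRY, "auth")

if __name__ == "__main__":
    print("as logged:", bind_check(AS_LOGGED))
    print("with anonymous auth:", bind_check(WITH_ANON_AUTH))
```

In this model the logged clauses deny `auth` to the empty requester DN, matching the `=n` result in the trace, while the constructed variant allows the bind check and still grants nothing beyond `auth` to unauthenticated requesters.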