cannot authenticate as user himself
To all,
I have an issue which I think is a bug, but would first like to present
it in "software" as the error might be my own:
I am using openldap-2.0.7.
I have the following line in my slapd.conf:
    access to dn=".*,ou=users,o=top"
        by self write
I get an LDAP_INSUFFICIENT_ACCESS when I try to bind as a user (let's say
"uid=yoel,ou=users,o=top"). (Yes, the password is correct). If I have
write permission, I should have auth permission.
I have stepped through the process and have found the following:
in acl.c in function acl_mask on line 398 (in the code I have) is where
the acl that I have set up is handled. On the next line, we make sure
op->o_ndn and op->o_dn are not NULL or empty strings. When I stepped
through using a debugger, these values were empty strings, even though
the dn should be "uid=yoel,ou=users,o=top". When I investigated a bit
further, I found that in /servers/slapd/bind.c toward the beginning of
the function, op->o_dn and op->o_ndn are cleared and set to empty
strings. I would imagine this is the reason the acl fails. Is it
possible that those should be the connection dn's, i.e. we should be
clearing conn->c_dn and conn->c_ndn?
If anyone can help, let me know if I made a mistake or if I should post
this to the bugs list.
Thanks,
Yoel
--
Yoel Spotts yoel@vasco.com
VASCO Data Security, Inc. http://www.vasco.com
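
Added example, not part of the original message and not OpenLDAP source: a simplified C model of first-match "by" clause evaluation, showing the access level a bind gets while the operation DN is empty, for the posted rule and for the same rule with a "by anonymous auth" clause (standard slapd ACL syntax). The type and function names are made up for this model, and DNs are assumed to be already normalized.

```c
#include <stdio.h>
#include <string.h>

/* Simplified model of slapd "by <who> <level>" evaluation. Not OpenLDAP
 * source; every name below is made up for this example. */
typedef enum { ACL_NONE, ACL_AUTH, ACL_COMPARE, ACL_SEARCH, ACL_READ, ACL_WRITE } level_t;
typedef enum { WHO_SELF, WHO_ANONYMOUS, WHO_ANY } who_t;
typedef struct { who_t who; level_t level; } by_clause;

/* Does a clause apply to the requester? op_ndn is the DN the operation runs
 * as; it is "" while a bind is being processed, as the post observed. */
static int who_matches(who_t who, const char *op_ndn, const char *entry_ndn) {
    switch (who) {
    case WHO_SELF:      return op_ndn[0] != '\0' && strcmp(op_ndn, entry_ndn) == 0;
    case WHO_ANONYMOUS: return op_ndn[0] == '\0';
    default:            return 1;   /* "*" matches everyone */
    }
}

/* First matching clause wins; no match falls through to the implicit
 * "by * none" that ends every access directive. */
level_t acl_level(const by_clause *by, size_t n, const char *op_ndn, const char *entry_ndn) {
    for (size_t i = 0; i < n; i++)
        if (who_matches(by[i].who, op_ndn, entry_ndn))
            return by[i].level;
    return ACL_NONE;
}

/* A simple bind needs at least auth access, checked with an empty op DN. */
int bind_allowed(const by_clause *by, size_t n, const char *entry_ndn) {
    return acl_level(by, n, "", entry_ndn) >= ACL_AUTH;
}

static const char *ENTRY = "uid=yoel,ou=users,o=top";   /* DN from the post */
const by_clause posted[]  = { { WHO_SELF, ACL_WRITE } };
const by_clause amended[] = { { WHO_SELF, ACL_WRITE }, { WHO_ANONYMOUS, ACL_AUTH } };

int main(void) {
    printf("posted rule,  bind: %s\n", bind_allowed(posted, 1, ENTRY) ? "allowed" : "denied");
    printf("amended rule, bind: %s\n", bind_allowed(amended, 2, ENTRY) ? "allowed" : "denied");
    printf("amended rule, self level once bound: %d\n", acl_level(amended, 2, ENTRY, ENTRY));
    return 0;
}
```

In the amended rule the anonymous clause grants only auth, so an unauthenticated client can bind against the entry but cannot read or compare it, while the bound user keeps write through the "self" clause.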