[Date Prev][Date Next] [Chronological] [Thread] [Top]

cannot authenticate as user himself

To: "openldap-software@OpenLDAP.org" <openldap-software@OpenLDAP.org>
Subject: cannot authenticate as user himself
From: "Yoel Spotts" <jds@vasco.com>
Date: Wed, 21 Feb 2001 15:40:15 -0500
Organization: VASCO Data Security

To all,

I have an issue which I think is a bug, but would first like to present
it in "software" as the error might be my own: 

I am using openldap-2.0.7.

I have the following line in my slapd.conf:

access	to dn=".*,ou=users,o=top"
	by self	write

I get an LDAP_INSUFFICIENT_ACCESS when I try to bind as a user (lets say
"uid=yoel,ou=users,o=top"). (Yes, the password is correct). If I have
write permission, I should have auth permission.

I have stepped through the process and have found the following:

in acl.c in function acl_mask on line 398 (in the code I have) is where
the acl that I have set up is handled. On the next line, we make sure
op->o_ndn and op->o_dn are not NULL or empty strings. When I stepped
through using a debugger, these values were empty strings, even though
the dn should be "uid=yoel,ou=users,o=top". When I investigated a bit
further, I found that in /servers/slapd/bind.c toward the beginning of
the funciton, op->o_dn and op->o_ndn are cleared and set to empty
strings. I would imagine this is the reason the acl fails. Is it
possible that those should be the connection dn's, i.e. we should be
clearing conn->c_dn and conn->c_ndn? 

If anyone can help, let me know if I made a mistake or if I should post
this to the bugs list.

Thanks,

Yoel
-- 
Yoel Spotts			yoel@vasco.com
VASCO Data Security, Inc.	http://www.vasco.com

Follow-Ups:
- Re: cannot authenticate as user himself
  - From: "Yoel Spotts" <jds@vasco.com>
- Re: cannot authenticate as user himself
  - From: GOMBAS Gabor <gombasg@inf.elte.hu>

Prev by Date: AW: cn=Monitor
Next by Date: Re: cannot authenticate as user himself
Index(es):
- Chronological
- Thread