
cannot authenticate as user himself
To all,

I have an issue which I think is a bug, but would first like to present
it in "software" as the error might be my own: 

I am using openldap-2.0.7.

I have the following line in my slapd.conf:

access	to dn=".*,ou=users,o=top"
	by self	write

I get an LDAP_INSUFFICIENT_ACCESS when I try to bind as a user (let's say
"uid=yoel,ou=users,o=top"). (Yes, the password is correct.) If I have
write permission, I should have auth permission.

I have stepped through the process and have found the following:

in acl.c in function acl_mask on line 398 (in the code I have) is where
the acl that I have set up is handled. On the next line, we make sure
op->o_ndn and op->o_dn are not NULL or empty strings. When I stepped
through using a debugger, these values were empty strings, even though
the dn should be "uid=yoel,ou=users,o=top". When I investigated a bit
further, I found that in /servers/slapd/bind.c toward the beginning of
the function, op->o_dn and op->o_ndn are cleared and set to empty
strings. I would imagine this is the reason the acl fails. Is it
possible that those should be the connection DNs, i.e. we should be
clearing conn->c_dn and conn->c_ndn?

If anyone can help, let me know if I made a mistake or if I should post
this to the bugs list.

Thanks,

Yoel
-- 
Yoel Spotts			yoel@vasco.com
VASCO Data Security, Inc.	http://www.vasco.com
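The following is an added example, not code from the post or from OpenLDAP, that models how slapd resolves an access directive: levels are ordered so that write implies auth, but a "by self" clause can only match when the operation carries a non-empty DN equal to the entry, which is why an ACL check run with an empty op->o_dn (as seen in the debugger above) is denied. The DN normalization and the slapd.conf parser are simplified assumptions; "by anonymous auth" is the standard slapd idiom for permitting password binds and is shown as a contrast.

```python
import re

# slapd access levels, lowest to highest: a grant at one level implies every level below it
LEVELS = ["none", "auth", "compare", "search", "read", "write"]

def normalize(dn):
    """Crude DN normalization (lower-case, no spaces around commas); an approximation of slapd's."""
    return ",".join(part.strip().lower() for part in dn.split(","))

def parse_access(text):
    """Parse one 'access to dn="<regex>" by <who> <level> ...' directive (subset of slapd.conf syntax)."""
    flat = " ".join(text.split())          # join continuation lines, collapse tabs
    m = re.match(r'access\s+to\s+dn="([^"]*)"\s+(.*)', flat)
    return m.group(1), re.findall(r'by\s+(\S+)\s+(\S+)', m.group(2))

def who_matches(who, op_dn, target_dn):
    """Evaluate one 'by <who>' clause against the DN the operation is running as."""
    if who == "*":
        return True
    if who == "anonymous":
        return op_dn == ""
    if who == "users":
        return op_dn != ""
    if who == "self":
        # 'self' needs a non-empty operation DN equal to the entry; an empty DN never matches
        return op_dn != "" and normalize(op_dn) == normalize(target_dn)
    return False

def access_allowed(acls, op_dn, target_dn, needed):
    """First 'to' clause whose regex matches the entry decides; within it the first matching
    'by' clause decides; no match at all falls through to slapd's implicit 'by * none'."""
    for dn_regex, by_clauses in acls:
        if re.fullmatch(dn_regex, normalize(target_dn)):    # dn="..." regexes are anchored
            for who, level in by_clauses:
                if who_matches(who, op_dn, target_dn):
                    return LEVELS.index(level) >= LEVELS.index(needed)
            return False
    return False

# The directive from the post, and a variant that also grants auth to anonymous (bind-time) operations
POSTED = [parse_access('access\tto dn=".*,ou=users,o=top"\n\tby self\twrite')]
FIXED = [parse_access('access to dn=".*,ou=users,o=top" by self write by anonymous auth')]
ENTRY = "uid=yoel,ou=users,o=top"   # constructed entry DN taken from the post

if __name__ == "__main__":
    # ACL evaluated with an empty operation DN, as observed in the debugger: 'self' cannot match
    print("posted ACL, empty op DN, auth:", access_allowed(POSTED, "", ENTRY, "auth"))       # False
    # Once the operation runs as the entry itself, write implies auth
    print("posted ACL, op DN == entry, auth:", access_allowed(POSTED, ENTRY, ENTRY, "auth"))  # True
    print("fixed ACL, empty op DN, auth:", access_allowed(FIXED, "", ENTRY, "auth"))         # True
    print("fixed ACL, empty op DN, read:", access_allowed(FIXED, "", ENTRY, "read"))         # False
```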