ACL problem with version 2.0.23
People,
I am belatedly upgrading from version 1.2.9 to version 2.0.23.
I am using Solaris 8.
I am having problems with my ACL specifications.
Here are the relevant lines from slapd.conf:
36 access to attr=userPassword
37 by dn="uid=Replicator,ou=Special Users,o=OzEmail,c=au" write
38 by dn="uid=Infranet,ou=Special Users,o=OzEmail,c=au" read
I started slapd with "-d 32767".
Listed below are two extracts from the output.
In lines 2-5 the ACL appears to have been accepted.
In lines 9-41 we see the results, with the failure on line 41.
Note particularly lines 35-39.
In lines 35-37 the DNs appear to match.
But they do not because "string" is empty. (Line 38). Why?
What have I done wrong?
HELP!
Sadly,
Warren.
1 --------------------------------------------------
2 line 38 (access to attr=userPassword by dn="uid=Replicator,ou=Special Users,o=TheCompany,c=au" write by dn="uid=Accounting,ou=Special Users,o=TheCompany,c=au" read)
3 Global ACL: access to attrs=userPassword
4 by dn.regex=uid=Replicator,ou=Special Users,o=TheCompany,c=au write (=wrscx)
5 by dn.regex=uid=Accounting,ou=Special Users,o=TheCompany,c=au read (=rscx)
6
7 line 68 (defaultaccess none)
8 --------------------------------------------------
9 do_bind: version=3 dn="uid=Accounting,ou=Special Users,o=TheCompany,c=au" method=128
10 conn=0 op=0 BIND dn="UID=ACCOUNTING,OU=SPECIAL USERS,O=THECOMPANY,C=AU" method=128
11 ==> ldbm_back_bind: dn: uid=Accounting,ou=Special Users,o=TheCompany,c=au
12 dn2entry_r: dn: "UID=ACCOUNTING,OU=SPECIAL USERS,O=THECOMPANY,C=AU"
13 => dn2id( "UID=ACCOUNTING,OU=SPECIAL USERS,O=THECOMPANY,C=AU" )
14 => ldbm_cache_open( "dn2id.dbb", 73, 600 )
15 ldbm_cache_open (blksize 8192) (maxids 2046) (maxindirect 5)
16 <= ldbm_cache_open (opened 0)
17 <= dn2id 5
18 => id2entry_r( 5 )
19 => ldbm_cache_open( "id2entry.dbb", 73, 600 )
20 ldbm_cache_open (blksize 8192) (maxids 2046) (maxindirect 5)
21 <= ldbm_cache_open (opened 1)
22 => str2entry
23 <= str2entry(uid=Accounting,ou=Special Users,o=TheCompany,c=AU) -> -1 (0xc29f8)
24 <= id2entry_r( 5 ) 0xc29f8 (disk)
25 => access_allowed: auth access to "uid=Accounting,ou=Special Users,o=TheCompany,c=AU" "userPassword" requested
26 => acl_get: [1] check attr userPassword
27 <= acl_get: [1] acl uid=Accounting,ou=Special Users,o=TheCompany,c=AU attr: userPassword
28 => acl_mask: access to entry "uid=Accounting,ou=Special Users,o=TheCompany,c=AU", attr "userPassword" requested
29 => acl_mask: to all values by "", (=n)
30 <= check a_dn_pat: uid=Replicator,ou=Special Users,o=TheCompany,c=au
31 => string_expand: pattern: uid=Replicator,ou=Special Users,o=TheCompany,c=au
32 => string_expand: expanded: uid=Replicator,ou=Special Users,o=TheCompany,c=au
33 => regex_matches: string:
34 => regex_matches: rc: 1 no matches
35 <= check a_dn_pat: uid=Accounting,ou=Special Users,o=TheCompany,c=au
36 => string_expand: pattern: uid=Accounting,ou=Special Users,o=TheCompany,c=au
37 => string_expand: expanded: uid=Accounting,ou=Special Users,o=TheCompany,c=au
38 => regex_matches: string:
39 => regex_matches: rc: 1 no matches
40 <= acl_mask: no more <who> clauses, returning =n (stop)
41 => access_allowed: auth access denied by =n
42 --------------------------------------------------
Warren Dale -- WorldCom
* Email .. dale.warren@wcom.com.au