[Date Prev][Date Next] [Chronological] [Thread] [Top]

group access "write" in OpenLDAP 2.1.4

To: openldap-software@OpenLDAP.org
Subject: group access "write" in OpenLDAP 2.1.4
From: Michiko Nagara <chigu@fjh.fujitsu.com>
Date: Fri, 13 Sep 2002 14:26:41 +0900

Hello,

I have a question about the group access.
I am using OpenLDAP 2.1.4 + BerkeleyDB 4.0.14.
OS: Solaris 8, Turbolinux 7.0

I have created the following group.
(made reference to FAQ: 
 How do I use groups as manage access contorls?)

+-dc=example,dc=com
+--cn=administrators,dc=example,dc=com
+--cn=fred blogs,dc=example,dc=com 

LDIF:

dn:cn=administrators,dc=example,dc=com
cn: administrators of this region
objectclass: groupOfNames
objectclass: top
member: cn=fred blogs,dc=example,dc=com 
member: cn=somebody else,dc=example,dc=com

slapd.conf : the GROUP access acl 

access to *
      by group="cn=administrators,dc=example,dc=com" write  
      by * auth

When I tried to modify dn "cn=fred blogs,dc=example,dc=com",
it works fine.
But when I tried to search filter "(objectclass=*)", I got
no entries.

# extended LDIF
#
# LDAPv3
# filter: (objectclass=*)
# requesting: ALL
#

# search result
search: 2
result: 0 Success

# numResponses: 1


When I used OpenLDAP 2.1.3 with same acl as the above-mentioned, 
I could get all entries.
Also, I changed group.c v1.9.2.4 to v1.9.2.3 in OpenLDAP 2.1.4
and rebuilt, I could get all entries.

When version 2.1.4 is used, should I do anything else?

I apologize for the unskilled English language and long writing.

Thanks.
------
Michiko NAGARA

Follow-Ups:
- Re: group access "write" in OpenLDAP 2.1.4
  - From: Tony Earnshaw <tonni@billy.demon.nl>
- Re: group access "write" in OpenLDAP 2.1.4
  - From: Michiko Nagara <chigu@fjh.fujitsu.com>
- RE: group access "write" in OpenLDAP 2.1.4
  - From: "Howard Chu" <hyc@symas.com>

Prev by Date: RE: Modifying backend...
Next by Date: slurpd problem in cluster configuration
Index(es):
- Chronological
- Thread