
group access "write" in OpenLDAP 2.1.4



Hello,

I have a question about the group access.
I am using OpenLDAP 2.1.4 + BerkeleyDB 4.0.14.
OS: Solaris 8, Turbolinux 7.0

I have created the following group.
(made reference to FAQ: 
 How do I use groups as manage access controls?)

+-dc=example,dc=com
+--cn=administrators,dc=example,dc=com
+--cn=fred blogs,dc=example,dc=com 

LDIF:

dn:cn=administrators,dc=example,dc=com
cn: administrators of this region
objectclass: groupOfNames
objectclass: top
member: cn=fred blogs,dc=example,dc=com 
member: cn=somebody else,dc=example,dc=com

slapd.conf : the GROUP access acl 

access to *
      by group="cn=administrators,dc=example,dc=com" write  
      by * auth

When I tried to modify dn "cn=fred blogs,dc=example,dc=com",
it worked fine.
But when I tried to search with the filter "(objectclass=*)", I got
no entries.

# extended LDIF
#
# LDAPv3
# filter: (objectclass=*)
# requesting: ALL
#

# search result
search: 2
result: 0 Success

# numResponses: 1


When I used OpenLDAP 2.1.3 with the same ACL as above,
I could get all entries.
Also, when I changed group.c from v1.9.2.4 to v1.9.2.3 in OpenLDAP 2.1.4
and rebuilt, I could get all entries.

When version 2.1.4 is used, should I do anything else?

I apologize for the unskilled English language and long writing.

Thanks.
------
Michiko NAGARA
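
Added example (not part of the original message and not OpenLDAP code): a simplified Python model of how the posted rule is evaluated, where the first matching "by" clause decides the level and write implies read and search. It shows that any identity that does not match the group clause falls through to "by * auth" and gets an empty but successful search, as in the output above. The directory data and the helper names (norm, granted_level, search) are constructed for illustration.

```python
# Simplified model of slapd ACL evaluation (illustration only, not OpenLDAP code).
# Access levels are cumulative: each level implies all levels before it.
LEVELS = ["none", "auth", "compare", "search", "read", "write"]

# Constructed directory data mirroring the LDIF in the post.
GROUPS = {
    "cn=administrators,dc=example,dc=com": {
        "cn=fred blogs,dc=example,dc=com",
        "cn=somebody else,dc=example,dc=com",
    }
}
ENTRIES = [
    "dc=example,dc=com",
    "cn=administrators,dc=example,dc=com",
    "cn=fred blogs,dc=example,dc=com",
]

# The posted rule: access to *  by group="..." write  by * auth
ACL = [("group", "cn=administrators,dc=example,dc=com", "write"),
       ("*", None, "auth")]

def norm(dn):
    """Crude DN normalisation (assumption): lower-case, trim spaces around RDNs."""
    return ",".join(part.strip().lower() for part in dn.split(","))

def granted_level(bind_dn):
    """Return the level of the first 'by' clause that matches the bound identity."""
    for who, target, level in ACL:
        if who == "*":
            return level
        if who == "group" and bind_dn:
            if norm(bind_dn) in GROUPS.get(norm(target), set()):
                return level
    return "none"  # implicit default when no clause matches

def allows(level, needed):
    return LEVELS.index(level) >= LEVELS.index(needed)

def search(bind_dn):
    """Entries an '(objectclass=*)' search returns for this identity."""
    level = granted_level(bind_dn)
    # Entries the client may not read are omitted; the result code stays success.
    return list(ENTRIES) if allows(level, "read") else []
```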