probably simple ACL problem
Hi,
I added some entries to the LDAP tree and want to use one of them as a
"super-user".
I mean, I want to add more entries while authenticating as this user.
The entry is:
dn: uid=mylogin,ou=People,dc=mydomain,dc=com
uid: mylogin
cn: My Name
objectClass: account
objectClass: posixAccount
objectClass: top
objectClass: shadowAccount
userPassword: {CRYPT}asdlvkjabsevuib
shadowLastChange: 11927
shadowMax: 99999
shadowWarning: 7
loginShell: /bin/bash
uidNumber: 500
gidNumber: 100
homeDirectory: /home/mylogin
And the ACLs are:
access to dn="(.*,)*,dc=mydomain,dc=com"
        by dn="uid=mylogin,ou=People,dc=ce3,dc=pl" write
access to attr=userPassword
        by self write
        by anonymous auth
        by * none
access to *
        by self write
        by users read
        by anonymous none
access to * by * none
The log file shows:
Nov 25 12:09:02 gate slapd[5138]: => access_allowed: auth access to "uid=mylogin,ou=People,dc=mydomain,dc=com" "userPassword" requested
Nov 25 12:09:02 gate slapd[5138]: => dnpat: [1] (.*,)*,dc=ce3,dc=pl nsub: 1
Nov 25 12:09:02 gate slapd[5138]: => acl_get: [1] matched
Nov 25 12:09:02 gate slapd[5138]: => acl_get: [1] check attr userPassword
Nov 25 12:09:02 gate slapd[5138]: <= acl_get: [1] acl uid=mylogin,ou=People,dc=mydomain,dc=com attr: userPassword
Nov 25 12:09:02 gate slapd[5138]: => match[0]: 22 35
Nov 25 12:09:02 gate slapd[5138]: ,
Nov 25 12:09:02 gate slapd[5138]: D
Nov 25 12:09:02 gate slapd[5138]: C
Nov 25 12:09:02 gate slapd[5138]: =
Nov 25 12:09:02 gate slapd[5138]: C
Nov 25 12:09:02 gate slapd[5138]: E
Nov 25 12:09:02 gate slapd[5138]: 3
Nov 25 12:09:02 gate slapd[5138]: ,
Nov 25 12:09:02 gate slapd[5138]: D
Nov 25 12:09:02 gate slapd[5138]: C
Nov 25 12:09:02 gate slapd[5138]: =
Nov 25 12:09:02 gate slapd[5138]: P
Nov 25 12:09:02 gate slapd[5138]: L
Nov 25 12:09:02 gate slapd[5138]: => acl_mask: access to entry "uid=mylogin,ou=People,dc=mydomain,dc=com", attr "userPassword" requested
Nov 25 12:09:02 gate slapd[5138]: => acl_mask: to all values by "", (=n)
Nov 25 12:09:02 gate slapd[5138]: <= check a_dn_pat: uid=mylogin,ou=People,dc=mydomain,dc=com
Nov 25 12:09:02 gate slapd[5138]: <= acl_mask: no more <who> clauses, returning =n (stop)
Nov 25 12:09:02 gate slapd[5138]: => access_allowed: auth access denied by =n
What is wrong?
Maybe the ACL is wrong, but to me it seems OK.
A user authenticated as uid=mylogin should be able to write everywhere
below dc=mydomain,dc=com.
Kuba
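Editor's note with an added example; this is not part of Kuba's post. The posted log already contains the answer: slapd evaluates access directives in order and uses only the first one whose "access to" target matches. Here directive [1] (the catch-all `dn="(.*,)*,dc=..."`) matches the entry, the requester is the empty bind DN `""` (the bind has not completed yet, so the server is checking whether anonymous has `auth` on userPassword), no `by` clause in that directive matches anonymous, and the implicit `by * none` returns `=n` and stops. The `by anonymous auth` clause in the second directive is never reached, so no simple bind against the directory can succeed. The fix is ordering: the userPassword rule must precede the catch-all. The rewritten slapd.conf ACL set below assumes a single suffix `dc=mydomain,dc=com` (the post mixes `dc=mydomain,dc=com` and `dc=ce3,dc=pl`, presumably from anonymising the log), and it assumes a slapd whose `dn=` patterns are case-insensitive POSIX extended regexes, which is what the `dnpat` line and the upper-cased match text in the log indicate. The anchored target pattern is a replacement for the original `(.*,)*,dc=mydomain,dc=com`, which needs a double comma to match a real DN and only matched at all because the match was unanchored.

```conf
# Added example, not the poster's configuration. Assumptions: one suffix,
# dc=mydomain,dc=com; dn= patterns are POSIX extended regexes matched
# case-insensitively. Directives are tried top to bottom; the first one whose
# "access to" matches is the only one used, and if none of its "by" clauses
# matches the requester the result is none (an implicit "by * none") and
# evaluation stops. That is why the password rule must come first.

# 1. Passwords. An unauthenticated (anonymous) requester needs "auth" on
#    userPassword for a simple bind to be verified; the super-user needs
#    "write" so it can set passwords on the entries it adds; nobody else
#    may read or compare password hashes.
access to attr=userPassword
        by self write
        by dn="uid=mylogin,ou=People,dc=mydomain,dc=com" write
        by anonymous auth
        by * none

# 2. Everything at and below the suffix. "^(.*,)?dc=mydomain,dc=com$" matches
#    the suffix entry itself and every entry under it; the super-user may
#    write anywhere, any authenticated user may read, anonymous gets nothing.
access to dn="^(.*,)?dc=mydomain,dc=com$"
        by dn="uid=mylogin,ou=People,dc=mydomain,dc=com" write
        by self write
        by users read
        by anonymous none

# 3. Anything outside the suffix: deny.
access to * by * none
```

After restarting slapd, an add such as `ldapadd -x -D "uid=mylogin,ou=People,dc=mydomain,dc=com" -W -f new.ldif` should succeed, and running slapd with the ACL debug level (`-d 128`, which is what produced the `acl_get`/`acl_mask` lines quoted above) should now show directive [1] matching `attr userPassword` with the `anonymous` clause granting auth, and directive [2] granting write to the bound super-user DN for the new entry.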