
Re: ACL



Well, line 1 is just stating that you want the "userPassword" attribute and you are connecting as user "AdminContacts".
Line 2 is telling you that the system is checking the ACL for the "userPassword" attributes.


Basically, all that is happening here is that the system is stepping through the code to check against the necessary ACLs using the authentication provided. The last line basically confirms that authorization was granted, so that user should be able to view the "userPassword" attributes.

Does that help?

-Josh




On Friday, June 13, 2003, at 01:14 AM, <philippe.broussard@e-qual.fr> wrote:



Hi,

I have a question about the ACL. Here's the log of a connection by user
AdminContacts (he is not the superuser) to the database:


daemon: socket() failed errno=97 (Address family not supported by protocol)
bdb_initialize: Sleepycat Software: Berkeley DB 4.1.25: (December 19, 2002)
Global ACL: access to attrs=userPassword
        by dn.base=cn=admincontacts,ou=contacts,dc=e-qual,dc=fr write(=wrscx)
        by anonymous auth(=x)
        by self write(=wrscx)
        by * none(=n)

Global ACL: access to dn.subtree=ou=contacts,dc=e-qual,dc=fr
        by dn.base=cn=admincontacts,ou=contacts,dc=e-qual,dc=fr write(=wrscx)
        by * none(=n)

Global ACL: access to *
        by self write(=wrscx)
        by users read(=rscx)
        by anonymous read(=rscx)

bdb_db_init: Initializing BDB database
slapd starting


1 => access_allowed: auth access to "cn=AdminContacts,ou=Contacts,dc=e-qual,dc=fr" "userPassword" requested
2 => acl_get: [1] check attr userPassword
3 <= acl_get: [1] acl cn=AdminContacts,ou=Contacts,dc=e-qual,dc=fr attr: userPassword
4 => acl_mask: access to entry "cn=AdminContacts,ou=Contacts,dc=e-qual,dc=fr", attr "userPassword" requested
5 => acl_mask: to all values by "", (=n)
6 <= check a_dn_pat: cn=admincontacts,ou=contacts,dc=e-qual,dc=fr
7 <= check a_dn_pat: anonymous
8 <= acl_mask: [2] applying auth(=x) (stop)
9 <= acl_mask: [2] mask: auth(=x)
10 => access_allowed: auth access granted by auth(=x)


My question is simple: could someone explain to me the meaning of lines 1 to 10 (and if possible the [1] and [2])?

I think I understand, but I would like a confirmation.

Thanks for the answer


Philippe



-Joshua Bernstein
Systems Analyst
University of Arizona
Tucson, Arizona, USA
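
The ACL walk shown in trace lines 1 to 10 can be reproduced with a small model, added here as an example (it is not part of the original messages and is not OpenLDAP's code). It assumes first-match evaluation with the default "stop" control, lower-casing as a stand-in for DN normalization, and the hypothetical names `evaluate`, `target_matches` and `who_matches`; the first number it returns is the position of the matching ACL and the second the position of the matching "by" clause, which gives the same 1 and 2 as the trace for the empty requester DN of trace line 5.

```python
# Added example: simplified model of slapd's first-match ACL walk (not OpenLDAP code).
# ACLs are copied from the "Global ACL" lines in the log; DNs are lower-cased here
# as a stand-in for real DN normalization.
LEVELS = {"none": 0, "auth": 1, "compare": 2, "search": 3, "read": 4, "write": 5}
ADMIN = "cn=admincontacts,ou=contacts,dc=e-qual,dc=fr"
ACLS = [
    {"attrs": "userpassword",
     "by": [("dn.base=" + ADMIN, "write"), ("anonymous", "auth"),
            ("self", "write"), ("*", "none")]},
    {"subtree": "ou=contacts,dc=e-qual,dc=fr",
     "by": [("dn.base=" + ADMIN, "write"), ("*", "none")]},
    {"by": [("self", "write"), ("users", "read"), ("anonymous", "read")]},
]

def target_matches(acl, entry_dn, attr):
    """Does the 'access to ...' part of this ACL cover the entry and attribute?"""
    if "attrs" in acl and acl["attrs"] != attr:
        return False
    base = acl.get("subtree")
    return base is None or entry_dn == base or entry_dn.endswith("," + base)

def who_matches(who, requester_dn, entry_dn):
    """Does a 'by <who>' clause match the requester? '' means an anonymous session."""
    if who == "*":
        return True
    if who == "anonymous":
        return requester_dn == ""
    if who == "users":
        return requester_dn != ""
    if who == "self":
        return requester_dn != "" and requester_dn == entry_dn
    return who.startswith("dn.base=") and requester_dn == who[len("dn.base="):]

def evaluate(requester_dn, entry_dn, attr, wanted):
    """Return (acl_no, by_no, level, granted); numbering is 1-based like the trace."""
    requester_dn, entry_dn, attr = requester_dn.lower(), entry_dn.lower(), attr.lower()
    for acl_no, acl in enumerate(ACLS, 1):
        if not target_matches(acl, entry_dn, attr):
            continue  # try the next ACL
        for by_no, (who, level) in enumerate(acl["by"], 1):
            if who_matches(who, requester_dn, entry_dn):
                # First matching 'by' clause decides (the "(stop)" in the trace).
                return acl_no, by_no, level, LEVELS[level] >= LEVELS[wanted]
        return acl_no, None, "none", False  # no clause matched: implicit 'by * none'
    return None, None, "none", False  # no ACL matched the target

if __name__ == "__main__":
    entry = "cn=AdminContacts,ou=Contacts,dc=e-qual,dc=fr"
    print(evaluate("", entry, "userPassword", "auth"))
    print(evaluate("", entry, "userPassword", "read"))
```

Running the same request with `wanted` set to "read" shows that the clause matched in the trace carries only the auth level.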