[Date Prev][Date Next]
[Chronological]
[Thread]
[Top]
Re: ACL group.regex in 2.1.22
> > the question is: why is the group access rule 'skipped'?
>
> Because of your global rule
> access to * by none
>
> <= check a_dn_pat: *
> <= acl_mask: [5] applying none(=n) (stop)
> <= acl_mask: [5] mask: none(=n)
> => access_allowed: search access denied by none(=n)
>
Can anyone confirm that ?
I was under the impression that in the log files, I would see something like
<= check a_dn_pat: qManager=.*,qRole=manager,qIsp=$3,qRole=isp,qApp=qwido
<= check a_dn_pat: ^qDomain=$2,qRole=domain,qIsp=$3,qRole=isp,qApp=qwido
<= check a_dn_pat:
^qGroup=$1,qDomain=$2,qRole=domain,qIsp=$3,qRole=isp,qApp=qwido
<= check a_dn_pat: qRole=123,qApp=qwido
<= check a_dn_pat: *
All the other 'who' clauses are listed in the logfiles, just not the
'group'-rule.
_Ace