[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: ACL group.regex in 2.1.22




> > the question is: why is the group access rule 'skipped'?
>
> Because of your global rule
> access to * by none
>
> <= check a_dn_pat: *
> <= acl_mask: [5] applying none(=n) (stop)
> <= acl_mask: [5] mask: none(=n)
> => access_allowed: search access denied by none(=n)
>

Can anyone confirm that ?

I was under the impression that in the log files, I would see something like

<= check a_dn_pat: qManager=.*,qRole=manager,qIsp=$3,qRole=isp,qApp=qwido
<= check a_dn_pat: ^qDomain=$2,qRole=domain,qIsp=$3,qRole=isp,qApp=qwido
<= check a_dn_pat: 
^qGroup=$1,qDomain=$2,qRole=domain,qIsp=$3,qRole=isp,qApp=qwido
<= check a_dn_pat: qRole=123,qApp=qwido
<= check a_dn_pat: *

All the other 'who' clauses are listed in the logfiles, just not the 
'group'-rule.

_Ace