acl's with peername.path not honoured?
Hi,
I would like to have a subtree being searched by the back-ldap backend and
have the following rule
.-.-.-.-.-.-..-.-.access rule.-.-.-.-.-.-.-.-..-.-.-.-.
access to dn.regex="cn=([^,]+),ou=Partner,o=avci,c=de$$"
by dn.exact="cn=$1,ou=Partner,o=avci,c=de" write
by peername.path=/home/dieter/openldap/var/run/ldapi read
by users read
by * auth
.-.-.-.-.-.-.-.-.-.-.-.-.--.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-
An excerpt from logfiles shows that read access is denied and only an
auth level is granted
.-.-.-.-.excerpt from log.-.-.-.-.-.-.-.-.-....-.-.-.-.-.
slapd[3958]: conn=0 fd=19 ACCEPT from PATH= (PATH=/home/dieter/openldap/var/run/ldapi)
slapd[3960]: conn=0 op=0 BIND dn="" method=128
slapd[3960]: conn=0 op=0 RESULT tag=97 err=0 text=
slapd[3960]: conn=0 op=1 SRCH base="ou=partner,o=hdk,c=de" scope=1 deref=3 filter="(sn=kluenter)"
slapd[3960]: conn=0 op=1 SRCH attr=telephonenumber
slapd[3950]: connection_get(15)
slapd[3961]: send_ldap_result: err=0 matched="" text=""
slapd[3950]: connection_get(15)
slapd[3961]: SRCH "ou=partner,o=avci,c=de" 1 3
slapd[3961]: 500 3600 0
slapd[3961]: filter: (sn=kluenter)
slapd[3961]: attrs:
slapd[3961]: telephonenumber
slapd[3961]: bdb_idl_fetch_key: [01872a84]
slapd[3961]: bdb_idl_fetch_key: [b49d1940]
slapd[3961]: bdb_idl_fetch_key: [b048bd26]
slapd[3961]: => access_allowed: search access to "cn=Dieter Kluenter,ou=Partner,o=avci,c=de" "sn" requested
slapd[3961]: => dnpat: [3] cn=([^,]+),ou=Partner,o=avci,c=de$$ nsub: 1
slapd[3961]: => acl_get: [3] matched
slapd[3961]: => acl_get: [3] attr sn
slapd[3961]: => acl_mask: access to entry "cn=Dieter Kluenter,ou=Partner,o=avci,c=de", attr "sn" requested
slapd[3961]: => acl_mask: to value by "", (=n)
slapd[3961]: <= check a_dn_pat: cn=$1,ou=partner,o=avci,c=de
slapd[3961]: <= check a_peername_path: /home/dieter/openldap/var/run/ldapi
slapd[3961]: <= check a_dn_pat: users
slapd[3961]: <= check a_dn_pat: *
slapd[3961]: <= acl_mask: [4] applying auth(=x) (stop)
slapd[3961]: <= acl_mask: [4] mask: auth(=x)
slapd[3961]: => access_allowed: search access denied by auth(=x)
.--.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-
Is slapd not honouring the peername_path or am I missing something?
-Dieter
--
Dieter Klünter | Systemberatung
Tel.: +49.40.64861967
Fax : +49.40.64891521
http://www.avci.de
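
A small triage helper for the trace in the post above, as an added example that is not part of the original message or of OpenLDAP: it extracts the peer name and listener from the ACCEPT line, the "by" clauses slapd checked, and the clause it applied. It assumes the ACCEPT line reads "ACCEPT from <peer name> (<listener>)" and that [N] is the 1-based "by" clause index; the function names are hypothetical, and the path comparison is a plain string check for triage, not slapd's own matching.

```python
import re

# Constructed sample: trace lines taken from the post, with mail line-wraps rejoined.
SAMPLE_LOG = """\
slapd[3958]: conn=0 fd=19 ACCEPT from PATH= (PATH=/home/dieter/openldap/var/run/ldapi)
slapd[3961]: => access_allowed: search access to "cn=Dieter Kluenter,ou=Partner,o=avci,c=de" "sn" requested
slapd[3961]: <= check a_dn_pat: cn=$1,ou=partner,o=avci,c=de
slapd[3961]: <= check a_peername_path: /home/dieter/openldap/var/run/ldapi
slapd[3961]: <= check a_dn_pat: users
slapd[3961]: <= check a_dn_pat: *
slapd[3961]: <= acl_mask: [4] applying auth(=x) (stop)
slapd[3961]: => access_allowed: search access denied by auth(=x)
"""

ACCEPT = re.compile(r"ACCEPT from (\S*) \((\S+)\)")   # assumed: peer name, then listener
CHECK = re.compile(r"<=\s*check (a_\w+):\s*(.+)")      # one line per "by" clause tested
APPLY = re.compile(r"<= acl_mask: \[(\d+)\] applying (\S+)")
RESULT = re.compile(r"=> access_allowed: (\w+) access (granted|denied) by (\S+)")

def summarize(log):
    """Collect connection identity and the ACL evaluation steps from a trace."""
    out = {"peer": None, "listener": None, "checks": [], "applied": None, "result": None}
    for line in log.splitlines():
        if m := ACCEPT.search(line):
            out["peer"], out["listener"] = m.groups()
        elif m := CHECK.search(line):
            out["checks"].append((m.group(1), m.group(2).strip()))
        elif m := APPLY.search(line):
            out["applied"] = (int(m.group(1)), m.group(2))
        elif m := RESULT.search(line):
            out["result"] = m.groups()
    return out

def peername_path_mismatches(summary):
    """ACL peername paths that differ from the path in the logged peer name."""
    peer = summary["peer"] or ""
    peer_path = peer[len("PATH="):] if peer.startswith("PATH=") else None
    return [(value, peer_path) for kind, value in summary["checks"]
            if kind == "a_peername_path" and value != peer_path]

def applied_clause(summary):
    """The checked clause that the 'applying' line refers to (assumed 1-based)."""
    n, _mask = summary["applied"]
    return summary["checks"][n - 1]
```

On the sample, the logged peer name is PATH= with an empty path while the ACL clause names the ldapi socket path, and the clause applied is the fourth one (by * auth).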