[Date Prev][Date Next]
[Chronological]
[Thread]
[Top]
Decyphering openldap ACL logs
Hi,
I am working on configuring qmail-ldap and facing some permission problems with my ldap configuration.
My slapd.conf's acl section is some thing like
access to attr=userPassword
by anonymous auth
access to *
by dn="cn=admin,dc=com" write
by aci write
by * read
with aci's configured in my directory.
To debug the problem I enabled logging with level 128, and I am getting copious logs. I am some what able to make out what the logs mean, but in order to get the exact meaning I searched for some documentation about the logs entries. But could not find any.
One of my logs fragment looks like this:
=> access_allowed: write access to "dc=cse,dc
=com" "entry" requested
=> acl_get: [1] check attr entry
=> acl_get: [2] check attr entry
<= acl_get: [2] acl dc=cse,dc=com attr: entry
=> acl_mask: access to entry "dc=cse,dc=com", attr "entry" requested
=> acl_mask: to all values by "uid=mailadmin, dc=com", (=n)
<= check a_dn_pat: cn=admin,dc=com
<= check a_dn_pat: *
<= acl_mask: [3] applying read(=rscx) (stop)
<= acl_mask: [3] mask: read(=rscx)
=> access_allowed: write access denied by rea
d(=rscx)
(I have removed date/time etc)
Can some one tell me (or point to some documentation) from where I can understand what these logs mean?
Thanks for your time
raj