
Deciphering OpenLDAP ACL logs



Hi,

I am working on configuring qmail-ldap and facing some permission problems with my ldap configuration. 

My slapd.conf's ACL section is something like:

access to attr=userPassword
        by anonymous auth

access to *
        by dn="cn=admin,dc=com" write
        by aci write
        by * read
with aci's configured in my directory. 

To debug the problem I enabled logging with level 128, and I am getting copious logs. I am somewhat able to make out what the logs mean, but in order to get the exact meaning I searched for some documentation about the log entries, but could not find any.

One of my logs fragment looks like this:
=> access_allowed: write access to "dc=cse,dc=com" "entry" requested
=> acl_get: [1] check attr entry 
=> acl_get: [2] check attr entry 
<= acl_get: [2] acl dc=cse,dc=com attr: entry
=> acl_mask: access to entry "dc=cse,dc=com", attr "entry" requested 
=> acl_mask: to all values by "uid=mailadmin, dc=com", (=n)  
<= check a_dn_pat: cn=admin,dc=com 
<= check a_dn_pat: * 
<= acl_mask: [3] applying read(=rscx) (stop) 
<= acl_mask: [3] mask: read(=rscx) 
=> access_allowed: write access denied by read(=rscx)

(I have removed date/time etc) 

Can someone tell me (or point to some documentation) from where I can understand what these logs mean?

Thanks for your time

raj
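
An added example, not part of the original post: a small Python parser that pulls the decision-relevant fields out of the loglevel 128 fragment quoted above (requested access, matching "access to" rule, requester DN, the "by" clause applied, and the final mask). The regexes and the privilege-letter table (x, c, s, r, w) are assumptions derived from the line formats in this fragment, not from a documented slapd log grammar.

```python
import re

# Log fragment from the post, with its two wrapped lines re-joined.
SAMPLE = """\
=> access_allowed: write access to "dc=cse,dc=com" "entry" requested
=> acl_get: [1] check attr entry
=> acl_get: [2] check attr entry
<= acl_get: [2] acl dc=cse,dc=com attr: entry
=> acl_mask: access to entry "dc=cse,dc=com", attr "entry" requested
=> acl_mask: to all values by "uid=mailadmin, dc=com", (=n)
<= check a_dn_pat: cn=admin,dc=com
<= check a_dn_pat: *
<= acl_mask: [3] applying read(=rscx) (stop)
<= acl_mask: [3] mask: read(=rscx)
=> access_allowed: write access denied by read(=rscx)
"""

# One regex per line type that carries a decision-relevant field.
PATTERNS = {
    "request": re.compile(r'=> access_allowed: (\w+) access to "([^"]*)" "([^"]*)" requested'),
    "acl": re.compile(r'<= acl_get: \[(\d+)\] acl'),
    "who": re.compile(r'=> acl_mask: to .* by "([^"]*)"'),
    "dn_pat": re.compile(r'<= check a_dn_pat: (.+)'),
    "applied": re.compile(r'<= acl_mask: \[(\d+)\] applying (\w+)\(=(\w+)\) \((\w+)\)'),
    "result": re.compile(r'=> access_allowed: \w+ access (granted|denied) by (\w+)\(=(\w+)\)'),
}

# Privilege letter per access level name (assumption, see lead-in).
LETTER = {"auth": "x", "compare": "c", "search": "s", "read": "r", "write": "w"}

def summarize(log):
    """Collect the fields of one access check from loglevel 128 output."""
    out = {"dn_patterns": []}
    for line in log.splitlines():
        for name, rx in PATTERNS.items():
            m = rx.match(line.strip())
            if not m:
                continue
            if name == "dn_pat":
                out["dn_patterns"].append(m[1].strip())
            else:
                out[name] = m.groups()
    # Denied when the final mask lacks the letter of the requested level.
    out["lacks_privilege"] = LETTER[out["request"][0]] not in out["result"][2]
    return out

if __name__ == "__main__":
    for key, value in summarize(SAMPLE).items():
        print(f"{key:16} {value}")
```

For the fragment above it reports that the second "access to" rule matched the entry, that the third "by" clause was applied with a read(=rscx) mask, and that the mask has no "w", which is why the write request was denied.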