[Date Prev][Date Next] [Chronological] [Thread] [Top]

ACL OK in 2.0/2.1 not OK in 2.2

To: openldap-software@OpenLDAP.org
Subject: ACL OK in 2.0/2.1 not OK in 2.2
From: lugzug@lenin.net
Date: Tue, 22 Jun 2004 16:33:51 -0700 (PDT)

I have a little test server using OpenLDAP as a NIS replacment.

I've been able to use the ACLs below for quite some time with no troubles.
When upgrading to OpenLDAP v2.2 (2.2.6-34 shipped with SUSE 9.1) I get a
syntax error on line 13.  The error message is "bad DN "()" in to DN
clause".

I've tried changing the ACL line to "access to dn.base="" by * read". That
parses OK, but my clients are broken.

On my client if I do a "ldapsearch -Z -x" I get no results back, whereas
before with OpenLDAP v2.0/v2.1 I would see all the contents (/etc/passwd,
and /etc/group equiv).

 1 access to attr=userPassword
 2         by self write
 3         by anonymous auth
 4
 5 access to dn="uid=(.*),ou=.*,dc=com" attr=sn,givenName,homePhone
 6         by self write
 7         by users read
 8
 9 access to dn="uid=.*,dc=com" attr=mail
10         by users read
11         by * none
12
13 access to dn=() by * read
14
15 access to *
16         by users read
17         by anonymous none

All help, comments, suggestions, greatly appreciated.

Follow-Ups:
- Re: ACL OK in 2.0/2.1 not OK in 2.2
  - From: Quanah Gibson-Mount <quanah@stanford.edu>
- Re: ACL OK in 2.0/2.1 not OK in 2.2
  - From: Dieter Kluenter <dieter@dkluenter.de>
- Re: ACL OK in 2.0/2.1 not OK in 2.2
  - From: Peter Schober <peter.schober@univie.ac.at>

Prev by Date: RE: HEAD doesn't handle escaped characters properly?
Next by Date: Re: ACL OK in 2.0/2.1 not OK in 2.2
Index(es):
- Chronological
- Thread