[Date Prev][Date Next]
[Chronological]
[Thread]
[Top]
Showing ALL attribute values && ACI's
- To: openldap-software@OpenLDAP.org
- Subject: Showing ALL attribute values && ACI's
- From: Turbo Fredriksson <turbo@bayour.com>
- Date: 29 Jun 2004 11:02:35 +0200
- Organization: LDAP/Kerberos expert wannabe
- User-agent: Gnus/5.0808 (Gnus v5.8.8) Emacs/20.7
I can't manage to get all the attribute values when using
ACI's...
Part of the LDIF:
----- s n i p -----
dn: uid=turbo,ou=People,o=Swe.Net AB,c=SE
objectClass: person
objectClass: inetOrgPerson
objectClass: posixAccount
objectClass: top
objectClass: krb5Principal
objectClass: mailRecipient
objectClass: shadowAccount
objectClass: trustAccount
OpenLDAPaci: 0#entry#grant;r,s,c;objectClass,[entry]#public#
OpenLDAPaci: 1#entry#grant;x;userPassword#public#
OpenLDAPaci: 2#entry#grant;c,x;krb5PrincipalName#public#
OpenLDAPaci: 3#entry#grant;r,s,c;uid,cn,accountStatus,uidNumber,gidNumber,gecos,homeDirectory,loginShell#public#
OpenLDAPaci: 4#entry#grant;r,s,c;mail,mailAlternateAddress,mailHost,mailQuotaSize,mailQuotaCount,accountStatus,deliveryMode,userPassword,mailMessageStore,deliveryProgramPath#access-id#uid=qmail,ou=People,o=Swe.Net AB,c=SE
OpenLDAPaci: 5#entry#grant;r,s,c;sn,givenName,homePostalAddress,mobile,homePhone,labeledURI,mailForwardingAddress,street,physicalDeliveryOfficeName,mailMessageStore,o,l,st,telephoneNumber,postalCode,title#users#
OpenLDAPaci: 6#entry#grant;w,r,s,c;sn,givenName,homePostalAddress,mobile,homePhone,labeledURI,mailForwardingAddress,street,physicalDeliveryOfficeName,o,l,st,telephoneNumber,postalCode,title,deliveryMode,userPassword#self#
OpenLDAPaci: 7#entry#grant;w,r,s,c,x;[all]#access-id#uid=turbo,ou=People,o=Swe.Net AB,c=SE
OpenLDAPaci: 8#entry#grant;w,r,s,c,x;[all]#access-id#uid=malin,ou=People,o=Swe.Net AB,c=SE
OpenLDAPaci: 9#entry#grant;w,r,s,c,x;[all]#access-id#uid=ma,ou=People,o=Swe.Net AB,c=SE
----- s n i p -----
The search string (and it's result):
----- s n i p -----
CHROOT/Woody-devel# ldapsearch -LLL uid=turbo objectClass
SASL/GSSAPI authentication started
SASL username: turbo@SWE.NET
SASL SSF: 56
SASL installing layers
dn: uid=turbo,ou=People,o=Swe.Net AB,c=SE
objectClass: person
----- s n i p -----
That's it! Only ONE line of 'objectClass'...
The output from 'slapd -d 128':
----- s n i p -----
=> access_allowed: read access to "uid=turbo,ou=People,o=Swe.Net AB,c=SE" "objectClass" requested
=> dn: [1]
=> dn: [2]
=> dn: [3] cn=monitor
=> dn: [4] cn=monitor
=> dn: [5] cn=subschema
=> acl_get: [6] attr objectClass
access_allowed: no res from state (objectClass)
=> acl_mask: access to entry "uid=turbo,ou=People,o=Swe.Net AB,c=SE", attr "objectClass" requested
=> acl_mask: to value by "uid=turbo,ou=people,o=swe.net ab,c=se", (=n)
<= aci_mask grant =wrscx deny =n
<= acl_mask: [10] applying +wrscx (stop)
<= acl_mask: [10] mask: =wrscx
=> access_allowed: read access granted by =wrscx
=> access_allowed: read access to "uid=turbo,ou=People,o=Swe.Net AB,c=SE" "objectClass" requested
<= acl_get: done.
=> access_allowed: no more rules
acl: access to attribute objectClass, value 1 not allowed
=> access_allowed: read access to "uid=turbo,ou=People,o=Swe.Net AB,c=SE" "objectClass" requested
<= acl_get: done.
=> access_allowed: no more rules
acl: access to attribute objectClass, value 2 not allowed
=> access_allowed: read access to "uid=turbo,ou=People,o=Swe.Net AB,c=SE" "objectClass" requested
<= acl_get: done.
=> access_allowed: no more rules
acl: access to attribute objectClass, value 3 not allowed
=> access_allowed: read access to "uid=turbo,ou=People,o=Swe.Net AB,c=SE" "objectClass" requested
<= acl_get: done.
=> access_allowed: no more rules
acl: access to attribute objectClass, value 4 not allowed
=> access_allowed: read access to "uid=turbo,ou=People,o=Swe.Net AB,c=SE" "objectClass" requested
<= acl_get: done.
=> access_allowed: no more rules
acl: access to attribute objectClass, value 5 not allowed
=> access_allowed: read access to "uid=turbo,ou=People,o=Swe.Net AB,c=SE" "objectClass" requested
<= acl_get: done.
=> access_allowed: no more rules
acl: access to attribute objectClass, value 6 not allowed
=> access_allowed: read access to "uid=turbo,ou=People,o=Swe.Net AB,c=SE" "objectClass" requested
<= acl_get: done.
=> access_allowed: no more rules
acl: access to attribute objectClass, value 7 not allowed
----- s n i p -----
Why do I get 'no more rules' and 'acl: access to attribute
objectClass, value [1-7] not allowed' here?
Is there something I've missed in the changes from 2.1 to
2.2 (this is a 2.2.11 server/client running in a chroot)?