Sorry, I ran into another problem with ACLs now, but from the debugging I
can't tell why,
bdb_dn2entry("cn=testgroup2,ou=groups,dc=csic,dc=umd,dc=edu")
=> bdb_dn2id( "cn=testgroup2,ou=groups,dc=csic,dc=umd,dc=edu" )
<= bdb_dn2id: get failed: DB_NOTFOUND: No matching key/data pair found (-30990)
=> access_allowed: write access to "ou=groups,dc=csic,dc=umd,dc=edu" "children" requested
=> acl_get: [2] attr children
=> acl_mask: access to entry "ou=groups,dc=csic,dc=umd,dc=edu", attr "children" requested
=> acl_mask: to all values by "uid=host/torch.cs.umd.edu@csic.umd.edu,cn=cs.umd.edu,cn=gssapi,cn=auth", (=n)
<= check a_dn_pat: uid=host/torch.cs.umd.edu@cs.umd.edu,cn=cs.umd.edu,cn=gssapi,cn=auth
<= check a_dn_pat: uid=host/torch.cs.umd.edu@csic.umd.edu,cn=cs.umd.edu,cn=gssapi,cn=auth
<= acl_mask: [2] applying +0 (stop)
<= acl_mask: [2] mask: =n
=> access_allowed: write access denied by =n
bdb_add: no write access to parent
send_ldap_result: conn=1 op=4 p=3
send_ldap_response: msgid=5 tag=105 err=50
It gives the right ID, but then seems not to match either of the write
ACLs.
sasl-regexp uid=(.*)@CSIC.UMD.EDU,cn=CS.UMD.EDU,cn=GSSAPI,cn=auth
        ldap:///dc=csic,dc=umd,dc=edu??sub?uid=$1
sasl-regexp uid=(.*)@CS.UMD.EDU,cn=CS.UMD.EDU,cn=GSSAPI,cn=auth
        ldap:///dc=cs,dc=umd,dc=edu??sub?uid=$1
sasl-regexp uid=(.*),cn=CS.UMD.EDU,cn=GSSAPI,cn=auth
        ldap:///dc=cs,dc=umd,dc=edu??sub?uid=$1
sasl-regexp uid=(.*),cn=CSIC.UMD.EDU,cn=GSSAPI,cn=auth
        ldap:///dc=csic,dc=umd,dc=edu??sub?uid=$1
sasl-realm CS.UMD.EDU
sasl-host ripper.cs.umd.edu
access to attrs=userPassword
        by * auth
access to *
        by dn="uid=host/torch.cs.umd.edu@CS.UMD.EDU,cn=cs.umd.edu,cn=gssapi,cn=auth"
        by dn="uid=host/torch.cs.umd.edu@CSIC.UMD.EDU,cn=cs.umd.edu,cn=gssapi,cn=auth"
        by * read