Re: slurpd question with GSSAPI
"Derek T. Yarnell" <derek@cs.umd.edu> writes:
> Sorry I ran into another problem with ACLs now, but from the debugging
> I can't tell why,
>
> bdb_dn2entry("cn=testgroup2,ou=groups,dc=csic,dc=umd,dc=edu")
> => bdb_dn2id( "cn=testgroup2,ou=groups,dc=csic,dc=umd,dc=edu" )
> <= bdb_dn2id: get failed: DB_NOTFOUND: No matching key/data pair found
> (-30990)
> => access_allowed: write access to "ou=groups,dc=csic,dc=umd,dc=edu"
> "children" requested
Here, write access to "dn.children=ou=groups,dc=csic,dc=umd,dc=edu" is
requested
> => acl_get: [2] attr children
> => acl_mask: access to entry "ou=groups,dc=csic,dc=umd,dc=edu", attr
> "children" requested
> => acl_mask: to all values by "uid=host/torch.cs.umd.edu@csic.umd.edu,
> cn=cs.umd.edu,cn=gssapi,cn=auth", (=n)
> <= check a_dn_pat: uid=host/torch.cs.umd.edu@cs.umd.edu,cn=cs.umd.edu,
> cn=gssapi,cn=auth
> <= check a_dn_pat: uid=host/torch.cs.umd.edu@csic.umd.edu,cn=cs.umd.
> edu,cn=gssapi,cn=auth
> <= acl_mask: [2] applying +0 (stop)
> <= acl_mask: [2] mask: =n
Parsing of ACLs accepted rule 2 as matching.
> => access_allowed: write access denied by =n
> bdb_add: no write access to parent
No write access to dn.base=ou=groups,dc=csic,dc=umd,dc=edu
> send_ldap_result: conn=1 op=4 p=3
> send_ldap_response: msgid=5 tag=105 err=50
>
> it gives the right id, but then seems to not match either of the write
> acls.
[...]
>
> access to attrs=userPassword
> by * auth
>
> access to *
> by dn="uid=host/torch.cs.umd.edu@CS.UMD.EDU,cn=cs.umd.edu,
> cn=gssapi,cn=auth"
> by dn="uid=host/torch.cs.umd.edu@CSIC.UMD.EDU,cn=cs.umd.edu,
> cn=gssapi,cn=auth"
> by * read
[...]
Rule 2 allows no write access.
-Dieter
--
Dieter Klünter | Systemberatung
Tel.: +49.40.64861967
Fax : +49.40.64891521
http://www.avci.de
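
The evaluation traced in the debug log above, modelled as an added Python example (not part of the original message and not OpenLDAP code): the first matching `access to` rule is used, the first matching `by` clause decides, and a `by` clause with no access level applies `+0` to the starting mask `=n`. The case-insensitive DN comparison and the `FIXED` rule set with an explicit `write` are assumptions made for the illustration.

```python
# Simplified model of slapd ACL evaluation; not OpenLDAP source code.
LEVELS = ["none", "auth", "compare", "search", "read", "write"]  # ascending

def evaluate(rules, who, attr):
    """Access level granted to `who` for `attr` under `rules`."""
    for what, by_clauses in rules:
        if what != "*" and attr not in what:
            continue                      # this <what> does not cover attr
        for pattern, access in by_clauses:
            # Assumption: DN normalization reduced to a case-insensitive match.
            if pattern == "*" or pattern.lower() == who.lower():
                # No access level means "+0": nothing is added to the
                # starting mask "=n", and the default control is "stop".
                return access if access is not None else "none"
        return "none"                     # implicit trailing "by * none"
    return "none"                         # no rule matched at all

def allowed(rules, who, attr, wanted):
    return LEVELS.index(evaluate(rules, who, attr)) >= LEVELS.index(wanted)

SUFFIX = ",cn=cs.umd.edu,cn=gssapi,cn=auth"
DN_CS = "uid=host/torch.cs.umd.edu@CS.UMD.EDU" + SUFFIX
DN_CSIC = "uid=host/torch.cs.umd.edu@CSIC.UMD.EDU" + SUFFIX
# Bound identity as it appears (normalized) in the debug log.
HOST = "uid=host/torch.cs.umd.edu@csic.umd.edu" + SUFFIX

# The two rules as posted: the host "by" clauses carry no access level.
POSTED = [
    (["userPassword"], [("*", "auth")]),
    ("*", [(DN_CS, None), (DN_CSIC, None), ("*", "read")]),
]
# Assumed correction: the same clauses with an explicit "write".
FIXED = [
    (["userPassword"], [("*", "auth")]),
    ("*", [(DN_CS, "write"), (DN_CSIC, "write"), ("*", "read")]),
]

if __name__ == "__main__":
    for name, rules in (("posted", POSTED), ("fixed", FIXED)):
        print(name, evaluate(rules, HOST, "children"),
              allowed(rules, HOST, "children", "write"))
```

Under the posted rules the host identity ends up with less access than an anonymous client, because its own `by` clause stops evaluation before `by * read` is reached.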