
Re: acl entry causes segfault



Markus Krause wrote:
> Hi list!
> 
> i am using OpenLDAP 2.3.34-5.2 on a SLES10 server.
> in my LDAP database i am using the attribute "description" in some cases
> to store information which i do not want to be readable by everyone. to
> prevent it for all users but "admin" I use the following acl entry in
> slapd.conf:
> ---- slapd.conf
> access to attrs=description
>         by dn="cn=Admin,o=test" write
>         by group.exact="cn=Admingroup,ou=ACL,o=test" write
>         by * none
> ---- slapd.conf
> this works but denies access to all but admin and members of group
> admingroup.
> 
> then I tried to set the following acl which should only deny access to
> the description field in a subtree:
> ---- slapd.conf
> access to dn.subtree="ou=people,o=test" attrs=description
>         by dn="cn=Admin,o=test" write
>         by group.exact="cn=Admingroup,o=test" write
>         by * none
> ---- slapd.conf
> 
> this leads to a segmentation fault, the last lines of the debug output are:
> --- slapd -d 65535
> config_build_entry: "cn={9}misc"
> config_build_entry: "olcDatabase={-1}frontend"
> Segmentation fault
> ---
> so i obviously am doing something very wrong!
> 
> how can i allow or deny access to some attributes in a specific subtree?
> 
> thanks in advance for any hints!

You don't provide enough info to determine what's wrong.  You should
provide a stack backtrace (make sure you use a slapd compiled with
debugging symbols and not stripped) and a complete (sanitized) slapd.conf.

p.



Ing. Pierangelo Masarati
OpenLDAP Core Team

SysNet s.r.l.
via Dossi, 8 - 27100 Pavia - ITALIA
http://www.sys-net.it
---------------------------------------
Office:  +39 02 23998309
Mobile:  +39 333 4963172
Email:   pierangelo.masarati@sys-net.it
---------------------------------------
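
The reply above asks for a complete (sanitized) slapd.conf. The following is an added example, not part of the original thread and not an OpenLDAP tool: a shell filter that redacts `rootpw` values (including commented-out ones) and `credentials=` values before a config is posted to a public list. The function names and the sample config are constructed for illustration, and only these two kinds of secret are covered.

```shell
#!/bin/sh
# Added example: redact secrets from a slapd.conf before sharing it.
# Assumption: secrets appear as "rootpw <value>" or "credentials=<value>";
# any other secret-bearing directive in your config must be added by hand.

sanitize_slapd_conf() {
    # Rule 1: rootpw lines, active or commented out (old passwords left in
    #         comments leak just as well), cleartext or {SCHEME}hash.
    # Rule 2: credentials=... anywhere on a line, quoted or unquoted, so it
    #         also catches indented continuation lines of a longer directive.
    sed -E \
        -e 's/^([[:space:]#]*[Rr][Oo][Oo][Tt][Pp][Ww][[:space:]]+).*$/\1REDACTED/' \
        -e 's/([Cc][Rr][Ee][Dd][Ee][Nn][Tt][Ii][Aa][Ll][Ss]=)("[^"]*"|[^[:space:]]+)/\1REDACTED/g'
}

# Constructed sample input: the ACL is the one from the question, the
# rootpw and syncrepl values are made up.
sample_conf() {
    cat <<'EOF'
rootdn          "cn=Admin,o=test"
rootpw          {SSHA}ConstructedHashValueOnly
#rootpw         old-constructed-secret
syncrepl rid=001 provider=ldap://ldap.example.invalid
        binddn="cn=Admin,o=test" credentials="constructed secret"
access to dn.subtree="ou=people,o=test" attrs=description
        by dn="cn=Admin,o=test" write
        by * none
EOF
}

# Usage: sh sanitize.sh /path/to/slapd.conf > slapd.conf.sanitized
if [ "$#" -gt 0 ]; then
    sanitize_slapd_conf < "$1"
fi
```

Read the output before posting it: DNs, hostnames and file paths are left in place because they are usually needed to diagnose ACL problems.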