[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: Required changes in 2.4.7 regarding ACLs when using authz-regexp?

To: Michael Ströder <michael@stroeder.com>
Subject: Re: Required changes in 2.4.7 regarding ACLs when using authz-regexp?
From: Gavin Henry <ghenry@suretecsystems.com>
Date: Fri, 01 Feb 2008 21:15:19 +0000
Cc: openldap-software@openldap.org
In-reply-to: <479A07B2.70807@stroeder.com>
Organization: Suretec Systems Ltd.
References: <479A07B2.70807@stroeder.com>
User-agent: Thunderbird 2.0.0.9 (X11/20071031)

Michael Ströder wrote:

HI!
I tried to migrate an existing server from 2.3.39 to 2.4.7 (or also CVS RE24). I'm making use of authz-regexp to map user entries when they do a SASL Bind with DIGEST-MD5. Also some ACLs are in effect. This together used to work on 2.3.x with the existing ACLs.

With 2.4.7 this worked no longer. The user wasn't found. In the ACL debug log I've noticed that access to the search root database entry (suffix) is requested. When I explicitly grant auth access to this entry it works. But why is that needed? Was this an intended change?
Ciao, Michael.


Can you paste them?

--
Kind Regards,

Gavin Henry.
Managing Director.

T +44 (0) 1224 279484
M +44 (0) 7930 323266
F +44 (0) 1224 824887
E ghenry@suretecsystems.com

Open Source. Open Solutions(tm).

http://www.suretecsystems.com/

Follow-Ups:
- Re: Required changes in 2.4.7 regarding ACLs when using authz-regexp?
  - From: Michael Ströder <michael@stroeder.com>

Prev by Date: Re: cloning instances of openldap?
Next by Date: RE: large ldap server recommendation
Index(es):
- Chronological
- Thread