[Date Prev][Date Next]
[Chronological]
[Thread]
[Top]
Re: Required changes in 2.4.7 regarding ACLs when using authz-regexp?
- To: openldap-software@openldap.org
- Subject: Re: Required changes in 2.4.7 regarding ACLs when using authz-regexp?
- From: Michael Ströder <michael@stroeder.com>
- Date: Sat, 01 Mar 2008 11:52:19 +0100
- In-reply-to: <47C6D617.9090603@stroeder.com>
- References: <479A07B2.70807@stroeder.com> <47A38BE7.6030706@suretecsystems.com> <47C6D617.9090603@stroeder.com>
- User-agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.8.1.12) Gecko/20080201 SeaMonkey/1.1.8
Michael Ströder wrote:
Gavin Henry wrote:
Michael Ströder wrote:
I tried to migrate an existing server from 2.3.39 to 2.4.7 (or also
CVS RE24). I'm making use of authz-regexp to map user entries when
they do a SASL Bind with DIGEST-MD5. Also some ACLs are in effect.
This together used to work on 2.3.x with the existing ACLs.
With 2.4.7 this worked no longer. The user wasn't found. In the ACL
debug log I've noticed that access to the search root database entry
(suffix) is requested. When I explicitly grant auth access to this
entry it works. But why is that needed? Was this an intended change?
Can you paste them?
I've prepared a simplified slapd.conf and a LDIF file (both attached)
for this particular migration issue.
As requested I've files an ITS for that:
http://www.openldap.org/its/index.cgi?findid=5400
Ciao, Michael.