[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: Incremental ACLs somehow do not work

To: openldap-technical@openldap.org
Subject: Re: Incremental ACLs somehow do not work
From: Christian Marg <marg@rz.tu-clausthal.de>
Date: Sat, 31 May 2014 09:43:22 +0200
Dkim-signature: v=1; a=rsa-sha1; c=simple; d=rz.tu-clausthal.de; h= message-id:date:from:mime-version:to:subject:references :in-reply-to:content-type; s=dkim1; bh=mWh8VNz50rWJYR+r2iPl0BY86 Mc=; b=SStk8myqKwzgPb4+Y+SB2ren1oBmGsSNX0jnrto7fr2/AphVCJVTbsbjm KSkayvejwilgEpxN3/L+r1uK05ScpohHcBWAaq5VFNeTEdxqKoZO5xa1MWgaOpwa /cQUsfzVzUaPo9KrC7bo5/oYVOdC6OvSkrFNY1Oc9BrZZ8dwdY=
Domainkey-signature: a=rsa-sha1; c=simple; d=rz.tu-clausthal.de; h= message-id:date:from:mime-version:to:subject:references :in-reply-to:content-type; q=dns; s=dkim1; b=IXiannZjQqIvjFbri3V oRUPBj5MGoku/iZdtaABy9ZLXjGcymdBJZlxM/dr/bGhtUsgehj0yLX3QA+WLlKS 52et/HnhZzVYcM0RwStEePjGeXA3hyZsLx8pomGAq/Lv39YA83bnt6oMAkfnNA66 YZOcyQ3kmKHrWSPZJWu+iTXQ=
In-reply-to: <1966510.zsydqAK9ag@keks>
References: <19760536.XWADOp4Vvk@keks> <1966510.zsydqAK9ag@keks>
User-agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:24.0) Gecko/20100101 Thunderbird/24.5.0

Hello Dominik,

On 29.05.2014 20:14, Dominik George wrote:
> # slapacl -v -b cn=nslcd,dc=teckids,dc=org entry/read read access to
> entry: DENIED

> For me this looks like a bug, but maybe I am doing somwthing entirely
> wrong?

Look close: Read access to "entry" denied.

The ACLs you posted don't allow access to the "entry" pseudo attribute:
====8<====8<====8<====8<====
There are two special pseudo attributes "entry" and "children". To read
(and hence return) a target entry, the subject must have read access to
the target's "entry" attribute. [...] The complete examples at the end
of this section should help clear things up.
====8<====8<====8<====8<====
http://www.openldap.org/doc/admin24/access-control.html

kind regards,

Christian Marg
-- 
Christian Marg                  Hotline : 05323/72-2626
Rechenzentrum TU Clausthal      Fon     : 05323/72-4883
D-38678 Clausthal-Zellerfeld    Mobil   : 05323/72-914883
http://www.tu-clausthal.de      Fax     : 05323/72-994883

Attachment: smime.p7s
Description: S/MIME Cryptographic Signature

References:
- Incremental ACLs somehow do not work
  - From: Dominik George <nik@naturalnet.de>
- Re: Incremental ACLs somehow do not work
  - From: Dominik George <nik@naturalnet.de>

Prev by Date: Re: ITS #7161, ppolicy pwdFailureTime resolution should be better than 1 second
Index(es):
- Chronological
- Thread