[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: ssfs in acls not working



Fixed, please test, thanks.

At 02:43 PM 9/5/00 +0200, Michael Weiser wrote:
>Hi again,
>
>I don't know whether this is really a bug or I'm just too stupid, but ssfs
>in acls don't work for me. If I put something like this in my slapd.conf
>
>access to  
>dn="cn=.*,o=org,c=de" filter=(objectClass=person) attr=userPassword
>    by dn="cn=Manager,o=org,c=de" ssf=112 write
>    by self ssf=112 =w
>    by * ssf=112 =x
>
>and then connect via ldaps I just get an insufficient permissions
>error. For now I worked around it using
>
>access to
>dn="cn=.*,o=org,c=de" filter=(objectClass=person) attr=userPassword
>    by dn="cn=Manager,o=org,c=de" sockurl="ldaps://.*" write
>    by self sockurl="ldaps://.*" =w
>    by * sockurl="ldaps://.*" =x
>
>I put some debug statements in the acl code and saw that the
>connection's ssf is set to 168 on connect but when the acl's ssf
>gets compared with the operation's ssf in acl_mask it's just 0 and
>therefore denies access. Unfortunately I don't know the code enough to
>see the relation between connections' and operations' ssfs.
>
>Thanks in advance.
>-- 
>bye, Micha