
Re: untoward change to ACL behavior (ITS#1921)



On Wed, Jul 10, 2002 at 03:52:28AM +0000, Kurt@OpenLDAP.org wrote:
> 
>  From the limited information in your report, I cannot possibly
> conclude your report is indicative of a software bug.  It is
> more likely a simple configuration issue.  If you believe
> there is a software (or documentation) bug, you should provide
> enough information (configuration details, logs, etc.) to
> convince developers that such does exist.

I think there is a valid problem here. I have tested 2.1.2 with the
ACL given in the example config file:

# Sample access control policy:
#       Allow read access of root DSE
#       Allow self write access
#       Allow authenticated users read access
#       Allow anonymous users to authenticate
# Directives needed to implement policy:
access to dn="" by * read
access to *
       by self write
       by users read
       by anonymous auth
#

With slapd 2.1.2 this seems to allow anonymous users to read all entries,
which it should not.

Reading slapd.access(5) I think the first directive should be:

	access to dn.base="" by * read

but even with that in place, anon users can read all entries.

I append a copy of my slapd.conf and a log extract showing what
happens. The search command used was:

	ldapsearch -C -x -H ldap://localhost:389/ -b dc=example,dc=org 'cn=*pathan*'

Clearly the example ACL is not implementing the policy that is
described for it.

Andrew
-- 
-----------------------------------------------------------------------
|                 From Andrew Findlay, Skills 1st Ltd                 |
| Consultant in large-scale systems, networks, and directory services |
|        Andrew.Findlay@skills-1st.co.uk       +44 1628 782565        |
-----------------------------------------------------------------------
# $OpenLDAP: pkg/ldap/servers/slapd/slapd.conf,v 1.23 2002/02/02 05:23:12 kurt Exp $
#
# See slapd.conf(5) for details on configuration options.
# This file should NOT be world readable.
#
include		/usr/local/etc/openldap/schema/core.schema
include		/usr/local/etc/openldap/schema/cosine.schema
include		/usr/local/etc/openldap/schema/inetorgperson.schema
include		/usr/local/etc/openldap/schema/openldap.schema
include		/usr/local/etc/openldap/schema/nis.schema

# loglevel 96
loglevel 992

# Define global ACLs to disable default read access.

# Do not enable referrals until AFTER you have a working directory
# service AND an understanding of referrals.
#referral	ldap://root.openldap.org

pidfile		/usr/local/var/slapd.pid
argsfile	/usr/local/var/slapd.args

# Load dynamic backend modules:
# modulepath	/usr/local/libexec/openldap
# moduleload	back_ldap.la
# moduleload	back_ldbm.la
# moduleload	back_passwd.la
# moduleload	back_shell.la

########################################################################
# SASL mapping
########################################################################

saslRegexp
          uid=(.*),cn=brick.skills-1st.co.uk,cn=.*,cn=auth
          ldap://localhost/dc=example,dc=org??sub?uid=$1

########################################################################
# Access Control
########################################################################
#
# Sample access control policy:
#	Allow read access of root DSE
#	Allow self write access
#	Allow authenticated users read access
#	Allow anonymous users to authenticate
# Directives needed to implement policy:
access to dn.base="" by * read
access to *
	by self write
	by users read
	by anonymous auth
#
# if no access controls are present, the default policy is:
#	Allow read by all
#
# rootdn can always write!

#######################################################################
# ldbm database definitions
#######################################################################

database	bdb
suffix		"dc=example,dc=org"
rootdn		"cn=DSAmgr,dc=example,dc=org"

# Cleartext passwords, especially for the rootdn, should
# be avoided.  See slappasswd(8) and slapd.conf(5) for details.
# Use of strong authentication encouraged.
rootpw		secret
# The database directory MUST exist prior to running slapd AND 
# should only be accessible by the slapd/tools. Mode 700 recommended.
directory	/usr/local/var/openldap-data
# Indices to maintain
index	default		pres,eq,sub
index	objectClass	eq
index	cn
index	sn
index	uid

-----------------------------------------------------------------------

Log extract showing SLAPD startup, anon bind, and search for cn=*pathan*

Startup:

Jul 10 12:32:21 brick slapd[10490]: daemon: socket() failed errno=97 (Address family not supported by protocol) 
Jul 10 12:32:21 brick slapd[10490]: bdb_open: Sleepycat Software: Berkeley DB 4.0.14: (November 18, 2001) 
Jul 10 12:32:21 brick slapd[10490]: line 21 (pidfile ^I/usr/local/var/slapd.pid) 
Jul 10 12:32:21 brick slapd[10490]: line 22 (argsfile /usr/local/var/slapd.args) 
Jul 10 12:32:21 brick slapd[10490]: line 37 (saslRegexp          uid=(.*),cn=brick.skills-1st.co.uk,cn=.*,cn=auth          ldap://localhost/dc=example,dc=org??sub?uid=$1) 
Jul 10 12:32:21 brick slapd[10490]: str2filter "uid=$1" 
Jul 10 12:32:21 brick slapd[10490]: begin get_filter 
Jul 10 12:32:21 brick slapd[10490]: EQUALITY 
Jul 10 12:32:21 brick slapd[10490]: end get_filter 0 
Jul 10 12:32:21 brick slapd[10490]: line 49 (access to dn.base="" by * read) 
Jul 10 12:32:21 brick slapd[10490]: line 53 (access to * by self write by users read by anonymous auth) 
Jul 10 12:32:21 brick slapd[10490]: line 64 (database bdb) 
Jul 10 12:32:21 brick slapd[10490]: bdb_db_init: Initializing BDB database 
Jul 10 12:32:21 brick slapd[10490]: line 65 (suffix ^I"dc=example,dc=org") 
Jul 10 12:32:21 brick slapd[10490]: line 66 (rootdn ^I"cn=DSAmgr,dc=example,dc=org") 
Jul 10 12:32:21 brick slapd[10490]: line 71 (rootpw ***) 
Jul 10 12:32:21 brick slapd[10490]: line 74 (directory /usr/local/var/openldap-data) 
Jul 10 12:32:21 brick slapd[10490]: line 76 (index default^I^Ipres,eq,sub) 
Jul 10 12:32:21 brick slapd[10490]: line 77 (index objectClass^Ieq) 
Jul 10 12:32:21 brick slapd[10490]: index objectClass 0x0004 
Jul 10 12:32:21 brick slapd[10490]: line 78 (index cn) 
Jul 10 12:32:21 brick slapd[10490]: index cn 0x0716 
Jul 10 12:32:21 brick slapd[10490]: line 79 (index sn) 
Jul 10 12:32:21 brick slapd[10490]: index sn 0x0716 
Jul 10 12:32:21 brick slapd[10490]: line 80 (index uid) 
Jul 10 12:32:21 brick slapd[10490]: index uid 0x0716 
Jul 10 12:32:23 brick slapd[10492]: slapd starting 

Anon bind:

Jul 10 12:32:30 brick slapd[10495]: daemon: conn=0 fd=12 connection from IP=127.0.0.1:42800 (IP=0.0.0.0:389) accepted. 
Jul 10 12:32:30 brick slapd[10498]: conn=0 op=0 BIND dn="" method=128 
Jul 10 12:32:30 brick slapd[10498]: conn=0 op=0 RESULT tag=97 err=0 text= 

Search:

Jul 10 12:32:33 brick slapd[10498]: begin get_filter 
Jul 10 12:32:33 brick slapd[10498]: SUBSTRINGS 
Jul 10 12:32:33 brick slapd[10498]: begin get_substring_filter 
Jul 10 12:32:33 brick slapd[10498]:   ANY 
Jul 10 12:32:33 brick slapd[10498]: end get_substring_filter 
Jul 10 12:32:33 brick slapd[10498]: end get_filter 0 
Jul 10 12:32:33 brick slapd[10498]: conn=0 op=1 SRCH base="dc=example,dc=org" scope=2 filter="(cn=*pathan*)" 
Jul 10 12:32:33 brick slapd[10498]: => bdb_filter_candidates 
Jul 10 12:32:33 brick slapd[10498]: ^IAND 
Jul 10 12:32:33 brick slapd[10498]: => bdb_list_candidates 0xa0 
Jul 10 12:32:33 brick slapd[10498]: => bdb_filter_candidates 
Jul 10 12:32:33 brick slapd[10498]: ^IDN SUBTREE 
Jul 10 12:32:33 brick slapd[10498]: <= bdb_filter_candidates: id=-1 first=1 last=1003 
Jul 10 12:32:33 brick slapd[10498]: => bdb_filter_candidates 
Jul 10 12:32:33 brick slapd[10498]: ^ISUBSTRINGS 
Jul 10 12:32:33 brick slapd[10498]: <= bdb_filter_candidates: id=1 first=1001 last=1001 
Jul 10 12:32:33 brick slapd[10498]: <= bdb_list_candidates: undefined rc=0 
Jul 10 12:32:33 brick slapd[10498]: <= bdb_filter_candidates: id=1 first=1001 last=1001 
Jul 10 12:32:33 brick slapd[10498]: => test_filter 
Jul 10 12:32:33 brick slapd[10498]:     SUBSTRINGS 
Jul 10 12:32:33 brick slapd[10498]: begin test_substrings_filter 
Jul 10 12:32:33 brick slapd[10498]: => access_allowed: search access to "cn=Andrew Pathan+uid=u000997,dc=example,dc=org" "cn" requested 
Jul 10 12:32:33 brick slapd[10498]: => acl_get: [1] check attr cn 
Jul 10 12:32:33 brick slapd[10498]: <= acl_get: [1] acl cn=Andrew Pathan+uid=u000997,dc=example,dc=org attr: cn 
Jul 10 12:32:33 brick slapd[10498]: => acl_mask: access to entry "cn=Andrew Pathan+uid=u000997,dc=example,dc=org", attr "cn" requested 
Jul 10 12:32:33 brick slapd[10498]: => acl_mask: to all values by "", (=n)  
Jul 10 12:32:33 brick slapd[10498]: <= check a_dn_pat: * 
Jul 10 12:32:33 brick slapd[10498]: <= acl_mask: [1] applying read(=rscx) (stop) 
Jul 10 12:32:33 brick slapd[10498]: <= acl_mask: [1] mask: read(=rscx) 
Jul 10 12:32:33 brick slapd[10498]: => access_allowed: search access granted by read(=rscx) 
Jul 10 12:32:33 brick slapd[10498]: <= test_filter 6 
Jul 10 12:32:33 brick slapd[10498]: => access_allowed: read access to "cn=Andrew Pathan+uid=u000997,dc=example,dc=org" "entry" requested 
Jul 10 12:32:34 brick slapd[10498]: => acl_get: [1] check attr entry 
Jul 10 12:32:34 brick slapd[10498]: <= acl_get: [1] acl cn=Andrew Pathan+uid=u000997,dc=example,dc=org attr: entry 
Jul 10 12:32:34 brick slapd[10498]: => acl_mask: access to entry "cn=Andrew Pathan+uid=u000997,dc=example,dc=org", attr "entry" requested 
Jul 10 12:32:34 brick slapd[10498]: => acl_mask: to all values by "", (=n)  
Jul 10 12:32:34 brick slapd[10498]: <= check a_dn_pat: * 
Jul 10 12:32:34 brick slapd[10498]: <= acl_mask: [1] applying read(=rscx) (stop) 
Jul 10 12:32:34 brick slapd[10498]: <= acl_mask: [1] mask: read(=rscx) 
Jul 10 12:32:34 brick slapd[10498]: => access_allowed: read access granted by read(=rscx) 
Jul 10 12:32:34 brick slapd[10498]: => access_allowed: read access to "cn=Andrew Pathan+uid=u000997,dc=example,dc=org" "objectClass" requested 
Jul 10 12:32:34 brick slapd[10498]: => acl_get: [1] check attr objectClass 
Jul 10 12:32:34 brick slapd[10498]: <= acl_get: [1] acl cn=Andrew Pathan+uid=u000997,dc=example,dc=org attr: objectClass 
Jul 10 12:32:34 brick slapd[10498]: => acl_mask: access to entry "cn=Andrew Pathan+uid=u000997,dc=example,dc=org", attr "objectClass" requested 
Jul 10 12:32:34 brick slapd[10498]: => acl_mask: to all values by "", (=n)  
Jul 10 12:32:34 brick slapd[10498]: <= check a_dn_pat: * 
Jul 10 12:32:34 brick slapd[10498]: <= acl_mask: [1] applying read(=rscx) (stop) 
Jul 10 12:32:34 brick slapd[10498]: <= acl_mask: [1] mask: read(=rscx) 
Jul 10 12:32:34 brick slapd[10498]: => access_allowed: read access granted by read(=rscx) 
Jul 10 12:32:34 brick slapd[10498]: => access_allowed: read access to "cn=Andrew Pathan+uid=u000997,dc=example,dc=org" "displayName" requested 
Jul 10 12:32:34 brick slapd[10498]: => acl_get: [1] check attr displayName 
Jul 10 12:32:34 brick slapd[10498]: <= acl_get: [1] acl cn=Andrew Pathan+uid=u000997,dc=example,dc=org attr: displayName 
Jul 10 12:32:34 brick slapd[10498]: => acl_mask: access to entry "cn=Andrew Pathan+uid=u000997,dc=example,dc=org", attr "displayName" requested 
Jul 10 12:32:34 brick slapd[10498]: => acl_mask: to all values by "", (=n)  
Jul 10 12:32:34 brick slapd[10498]: <= check a_dn_pat: * 
Jul 10 12:32:34 brick slapd[10498]: <= acl_mask: [1] applying read(=rscx) (stop) 
Jul 10 12:32:34 brick slapd[10498]: <= acl_mask: [1] mask: read(=rscx) 
Jul 10 12:32:34 brick slapd[10498]: => access_allowed: read access granted by read(=rscx) 
Jul 10 12:32:34 brick slapd[10498]: => access_allowed: read access to "cn=Andrew Pathan+uid=u000997,dc=example,dc=org" "cn" requested 
Jul 10 12:32:34 brick slapd[10498]: => acl_get: [1] check attr cn 
Jul 10 12:32:34 brick slapd[10498]: <= acl_get: [1] acl cn=Andrew Pathan+uid=u000997,dc=example,dc=org attr: cn 
Jul 10 12:32:34 brick slapd[10498]: => acl_mask: access to entry "cn=Andrew Pathan+uid=u000997,dc=example,dc=org", attr "cn" requested 
Jul 10 12:32:34 brick slapd[10498]: => acl_mask: to all values by "", (=n)  
Jul 10 12:32:34 brick slapd[10498]: <= check a_dn_pat: * 
Jul 10 12:32:34 brick slapd[10498]: <= acl_mask: [1] applying read(=rscx) (stop) 
Jul 10 12:32:34 brick slapd[10498]: <= acl_mask: [1] mask: read(=rscx) 
Jul 10 12:32:34 brick slapd[10498]: => access_allowed: read access granted by read(=rscx) 
Jul 10 12:32:34 brick slapd[10498]: => access_allowed: read access to "cn=Andrew Pathan+uid=u000997,dc=example,dc=org" "sn" requested 
Jul 10 12:32:34 brick slapd[10498]: => acl_get: [1] check attr sn 
Jul 10 12:32:34 brick slapd[10498]: <= acl_get: [1] acl cn=Andrew Pathan+uid=u000997,dc=example,dc=org attr: sn 
Jul 10 12:32:34 brick slapd[10498]: => acl_mask: access to entry "cn=Andrew Pathan+uid=u000997,dc=example,dc=org", attr "sn" requested 
Jul 10 12:32:34 brick slapd[10498]: => acl_mask: to all values by "", (=n)  
Jul 10 12:32:34 brick slapd[10498]: <= check a_dn_pat: * 
Jul 10 12:32:34 brick slapd[10498]: <= acl_mask: [1] applying read(=rscx) (stop) 
Jul 10 12:32:34 brick slapd[10498]: <= acl_mask: [1] mask: read(=rscx) 
Jul 10 12:32:34 brick slapd[10498]: => access_allowed: read access granted by read(=rscx) 
Jul 10 12:32:34 brick slapd[10498]: => access_allowed: read access to "cn=Andrew Pathan+uid=u000997,dc=example,dc=org" "uid" requested 
Jul 10 12:32:34 brick slapd[10498]: => acl_get: [1] check attr uid 
Jul 10 12:32:34 brick slapd[10498]: <= acl_get: [1] acl cn=Andrew Pathan+uid=u000997,dc=example,dc=org attr: uid 
Jul 10 12:32:34 brick slapd[10498]: => acl_mask: access to entry "cn=Andrew Pathan+uid=u000997,dc=example,dc=org", attr "uid" requested 
Jul 10 12:32:34 brick slapd[10498]: => acl_mask: to all values by "", (=n)  
Jul 10 12:32:34 brick slapd[10498]: <= check a_dn_pat: * 
Jul 10 12:32:34 brick slapd[10498]: <= acl_mask: [1] applying read(=rscx) (stop) 
Jul 10 12:32:34 brick slapd[10498]: <= acl_mask: [1] mask: read(=rscx) 
Jul 10 12:32:34 brick slapd[10498]: => access_allowed: read access granted by read(=rscx) 
Jul 10 12:32:34 brick slapd[10498]: => access_allowed: read access to "cn=Andrew Pathan+uid=u000997,dc=example,dc=org" "mail" requested 
Jul 10 12:32:34 brick slapd[10498]: => acl_get: [1] check attr mail 
Jul 10 12:32:34 brick slapd[10498]: <= acl_get: [1] acl cn=Andrew Pathan+uid=u000997,dc=example,dc=org attr: mail 
Jul 10 12:32:34 brick slapd[10498]: => acl_mask: access to entry "cn=Andrew Pathan+uid=u000997,dc=example,dc=org", attr "mail" requested 
Jul 10 12:32:34 brick slapd[10498]: => acl_mask: to all values by "", (=n)  
Jul 10 12:32:34 brick slapd[10498]: <= check a_dn_pat: * 
Jul 10 12:32:34 brick slapd[10498]: <= acl_mask: [1] applying read(=rscx) (stop) 
Jul 10 12:32:34 brick slapd[10498]: <= acl_mask: [1] mask: read(=rscx) 
Jul 10 12:32:34 brick slapd[10498]: => access_allowed: read access granted by read(=rscx) 
Jul 10 12:32:34 brick slapd[10498]: => access_allowed: read access to "cn=Andrew Pathan+uid=u000997,dc=example,dc=org" "telephoneNumber" requested 
Jul 10 12:32:34 brick slapd[10498]: => acl_get: [1] check attr telephoneNumber 
Jul 10 12:32:34 brick slapd[10498]: <= acl_get: [1] acl cn=Andrew Pathan+uid=u000997,dc=example,dc=org attr: telephoneNumber 
Jul 10 12:32:34 brick slapd[10498]: => acl_mask: access to entry "cn=Andrew Pathan+uid=u000997,dc=example,dc=org", attr "telephoneNumber" requested 
Jul 10 12:32:34 brick slapd[10498]: => acl_mask: to all values by "", (=n)  
Jul 10 12:32:34 brick slapd[10498]: <= check a_dn_pat: * 
Jul 10 12:32:34 brick slapd[10498]: <= acl_mask: [1] applying read(=rscx) (stop) 
Jul 10 12:32:34 brick slapd[10498]: <= acl_mask: [1] mask: read(=rscx) 
Jul 10 12:32:34 brick slapd[10498]: => access_allowed: read access granted by read(=rscx) 
Jul 10 12:32:34 brick slapd[10498]: conn=0 op=1 ENTRY dn="cn=Andrew Pathan+uid=u000997,dc=example,dc=org" 
Jul 10 12:32:34 brick slapd[10498]: conn=0 op=1 SEARCH RESULT tag=101 err=0 nentries=1 text= 
Jul 10 12:32:40 brick slapd[10498]: conn=0 op=2 UNBIND 
Jul 10 12:32:40 brick slapd[10498]: conn=0 fd=12 closed 
Jul 10 12:32:52 brick slapd[10495]: daemon: conn=1 fd=12 connection from IP=127.0.0.1:42801 (IP=0.0.0.0:389) accepted. 
Jul 10 12:32:52 brick slapd[10498]: conn=1 op=0 BIND dn="" method=128 
Jul 10 12:32:52 brick slapd[10498]: conn=1 op=0 RESULT tag=97 err=0 text= 
Jul 10 12:32:52 brick slapd[10498]: begin get_filter 
Jul 10 12:32:52 brick slapd[10498]: PRESENT 
Jul 10 12:32:52 brick slapd[10498]: end get_filter 0 
Jul 10 12:32:52 brick slapd[10498]: conn=1 op=1 SRCH base="" scope=0 filter="(objectClass=*)" 
Jul 10 12:32:52 brick slapd[10498]: => test_filter 
Jul 10 12:32:52 brick slapd[10498]:     PRESENT 
Jul 10 12:32:52 brick slapd[10498]: => access_allowed: search access to "" "objectClass" requested 
Jul 10 12:32:52 brick slapd[10498]: => acl_get: [1] check attr objectClass 
Jul 10 12:32:52 brick slapd[10498]: <= acl_get: [1] acl  attr: objectClass 
Jul 10 12:32:52 brick slapd[10498]: => acl_mask: access to entry "", attr "objectClass" requested 
Jul 10 12:32:52 brick slapd[10498]: => acl_mask: to all values by "", (=n)  
Jul 10 12:32:52 brick slapd[10498]: <= check a_dn_pat: * 
Jul 10 12:32:52 brick slapd[10498]: <= acl_mask: [1] applying read(=rscx) (stop) 
Jul 10 12:32:52 brick slapd[10498]: <= acl_mask: [1] mask: read(=rscx) 
Jul 10 12:32:52 brick slapd[10498]: => access_allowed: search access granted by read(=rscx) 
Jul 10 12:32:52 brick slapd[10498]: <= test_filter 6 
Jul 10 12:32:52 brick slapd[10498]: => access_allowed: read access to "" "entry" requested 
Jul 10 12:32:52 brick slapd[10498]: => acl_get: [1] check attr entry 
Jul 10 12:32:52 brick slapd[10498]: <= acl_get: [1] acl  attr: entry 
Jul 10 12:32:52 brick slapd[10498]: => acl_mask: access to entry "", attr "entry" requested 
Jul 10 12:32:52 brick slapd[10498]: => acl_mask: to all values by "", (=n)  
Jul 10 12:32:52 brick slapd[10498]: <= check a_dn_pat: * 
Jul 10 12:32:52 brick slapd[10498]: <= acl_mask: [1] applying read(=rscx) (stop) 
Jul 10 12:32:52 brick slapd[10498]: <= acl_mask: [1] mask: read(=rscx) 
Jul 10 12:32:52 brick slapd[10498]: => access_allowed: read access granted by read(=rscx) 
Jul 10 12:32:52 brick slapd[10498]: => access_allowed: read access to "" "namingContexts" requested 
Jul 10 12:32:52 brick slapd[10498]: => acl_get: [1] check attr namingContexts 
Jul 10 12:32:52 brick slapd[10498]: <= acl_get: [1] acl  attr: namingContexts 
Jul 10 12:32:52 brick slapd[10498]: => acl_mask: access to entry "", attr "namingContexts" requested 
Jul 10 12:32:52 brick slapd[10498]: => acl_mask: to all values by "", (=n)  
Jul 10 12:32:52 brick slapd[10498]: <= check a_dn_pat: * 
Jul 10 12:32:52 brick slapd[10498]: <= acl_mask: [1] applying read(=rscx) (stop) 
Jul 10 12:32:52 brick slapd[10498]: <= acl_mask: [1] mask: read(=rscx) 
Jul 10 12:32:52 brick slapd[10498]: => access_allowed: read access granted by read(=rscx) 
Jul 10 12:32:52 brick slapd[10498]: conn=1 op=1 ENTRY dn="" 
Jul 10 12:32:52 brick slapd[10498]: conn=1 op=1 RESULT tag=101 err=0 text= 
Jul 10 12:32:52 brick slapd[10501]: conn=1 op=2 UNBIND 
Jul 10 12:32:52 brick slapd[10501]: conn=1 fd=12 closed 
-----------------------------------------------------------------------

Result of ldapsearch command:

#
# LDAPv3
# filter: cn=*pathan*
# requesting: ALL
#

# Andrew Pathan + u000997, example.org
dn: cn=Andrew Pathan+uid=u000997,dc=example,dc=org
objectClass: inetOrgPerson
objectClass: person
displayName: Andrew Pathan
cn: Andrew Pathan
sn: Pathan
uid: u000997
mail: u000997@example.org
telephoneNumber: +44 1234 567997

# search result
search: 2
result: 0 Success

# numResponses: 2
# numEntries: 1
-----------------------------------------------------------------------
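The trace above shows ACL [1], the `dn.base=""` clause intended only for the root DSE, being applied to an ordinary entry for an anonymous bind, which is how anonymous gets read where the policy says auth. The following checker is an added example (not code from this report or from OpenLDAP): it parses the `access_allowed`/`acl_mask` lines slapd emits at loglevel 992, reconstructs each access decision, and flags any grant that exceeds what the sample policy in the config intends. The sample log lines are constructed to mirror the extract above; the `self` test compares bind DN and entry DN as plain strings, which is a simplification (slapd normalizes DNs), and the regexes are written for the 2.1 trace format shown here.

```python
"""Compare slapd ACL-trace decisions with the sample access policy.

Policy modelled (from the sample slapd.conf in the report):
    access to dn.base="" by * read
    access to * by self write by users read by anonymous auth
"""
import re
from dataclasses import dataclass

# Access levels in increasing order, as in slapd.access(5).
LEVELS = ["none", "auth", "compare", "search", "read", "write"]

@dataclass(frozen=True)
class Decision:
    entry: str      # DN the check was for; "" is the root DSE
    attr: str       # attribute name, or "entry" for the entry itself
    who: str        # bind DN; "" means anonymous
    access: str     # level requested (auth/search/read/...)
    granted: bool
    by_acl: int     # index of the ACL clause slapd applied, -1 if none

REQUEST_RE = re.compile(r'=> access_allowed: (\w+) access to "([^"]*)" "([^"]+)" requested')
BY_RE = re.compile(r'=> acl_mask: to all values by "([^"]*)"')
APPLY_RE = re.compile(r'<= acl_mask: \[(\d+)\] applying (\w+)')
RESULT_RE = re.compile(r'=> access_allowed: (\w+) access (granted|denied)')

def parse_trace(lines):
    """Fold the lines of each access_allowed exchange into one Decision."""
    decisions = []
    cur = None
    for line in lines:
        m = REQUEST_RE.search(line)
        if m:
            cur = {"access": m.group(1), "entry": m.group(2),
                   "attr": m.group(3), "who": "", "acl": -1}
            continue
        if cur is None:
            continue
        m = BY_RE.search(line)
        if m:
            cur["who"] = m.group(1)
            continue
        m = APPLY_RE.search(line)
        if m:
            cur["acl"] = int(m.group(1))
            continue
        m = RESULT_RE.search(line)
        if m:
            decisions.append(Decision(cur["entry"], cur["attr"], cur["who"],
                                      cur["access"], m.group(2) == "granted",
                                      cur["acl"]))
            cur = None
    return decisions

def intended_level(entry, who):
    """Highest access the sample policy intends for bind DN `who` on `entry`."""
    if entry == "":
        return "read"      # access to dn.base="" by * read
    if who == "":
        return "auth"      # by anonymous auth
    if who == entry:       # assumption: plain string compare, no DN normalization
        return "write"     # by self write
    return "read"          # by users read

def policy_violations(decisions):
    """Decisions where slapd granted more than the policy intends."""
    return [d for d in decisions
            if d.granted
            and LEVELS.index(d.access) > LEVELS.index(intended_level(d.entry, d.who))]

# Constructed sample, mirroring the trace in the report: one anonymous search
# check on a real entry (wrongly granted via ACL [1]) and one root DSE read.
SAMPLE_LOG = """\
Jul 10 12:32:33 brick slapd[10498]: => access_allowed: search access to "cn=Andrew Pathan+uid=u000997,dc=example,dc=org" "cn" requested
Jul 10 12:32:33 brick slapd[10498]: => acl_get: [1] check attr cn
Jul 10 12:32:33 brick slapd[10498]: => acl_mask: to all values by "", (=n)
Jul 10 12:32:33 brick slapd[10498]: <= check a_dn_pat: *
Jul 10 12:32:33 brick slapd[10498]: <= acl_mask: [1] applying read(=rscx) (stop)
Jul 10 12:32:33 brick slapd[10498]: <= acl_mask: [1] mask: read(=rscx)
Jul 10 12:32:33 brick slapd[10498]: => access_allowed: search access granted by read(=rscx)
Jul 10 12:32:52 brick slapd[10498]: => access_allowed: read access to "" "namingContexts" requested
Jul 10 12:32:52 brick slapd[10498]: => acl_mask: to all values by "", (=n)
Jul 10 12:32:52 brick slapd[10498]: <= acl_mask: [1] applying read(=rscx) (stop)
Jul 10 12:32:52 brick slapd[10498]: => access_allowed: read access granted by read(=rscx)
"""

if __name__ == "__main__":
    for d in policy_violations(parse_trace(SAMPLE_LOG.splitlines())):
        who = d.who or "anonymous"
        print(f'VIOLATION: {who} got {d.access} on "{d.entry}" attr {d.attr} '
              f'via ACL [{d.by_acl}]; policy allows at most '
              f'{intended_level(d.entry, d.who)}')
```

Run against a full loglevel 992 extract, the checker reports exactly the decisions the policy comment in slapd.conf does not permit, so a change in ACL semantics between releases shows up as a list of violations rather than having to be spotted by eye in the trace.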