
Re: untoward change to ACL behavior (ITS#1921)



Thanks for the detailed information.  Yes, there is a bug in
the ACL handling of 'to dn=""' and variants.  I've committed
a fix to HEAD branch which should resolve the problem.  Please
test.

Kurt

At 04:51 AM 2002-07-10, andrew.findlay@skills-1st.co.uk wrote:
>On Wed, Jul 10, 2002 at 03:52:28AM +0000, Kurt@OpenLDAP.org wrote:
>> 
>>  From the limited information in your report, I cannot possibly
>> conclude your report is indicative of a software bug.  It is
>> more likely a simple configuration issue.  If you believe
>> there is a software (or documentation) bug, you should provide
>> enough information (configuration details, logs, etc.) to
>> convince developers that such does exist.
>
>I think there is a valid problem here. I have tested 2.1.2 with the
>ACL given in the example config file:
>
># Sample access control policy:
>#       Allow read access of root DSE
>#       Allow self write access
>#       Allow authenticated users read access
>#       Allow anonymous users to authenticate
># Directives needed to implement policy:
>access to dn="" by * read
>access to *
>       by self write
>       by users read
>       by anonymous auth
>#
>
>With slapd 2.1.2 this seems to allow anonymous users to read all entries,
>which it should not.
>
>Reading slapd.access(5) I think the first directive should be:
>
>        access to dn.base="" by * read
>
>but even with that in place, anon users can read all entries.
>
>I append a copy of my slapd.conf and a log extract showing what
>happens. The search command used was:
>
>        ldapsearch -C -x -H ldap://localhost:389/ -b dc=example,dc=org 'cn=*pathan*'
>
>Clearly the example ACL is not implementing the policy that is
>described for it.
>
>Andrew
>-- 
>-----------------------------------------------------------------------
>|                 From Andrew Findlay, Skills 1st Ltd                 |
>| Consultant in large-scale systems, networks, and directory services |
>|        Andrew.Findlay@skills-1st.co.uk       +44 1628 782565        |
>-----------------------------------------------------------------------
># $OpenLDAP: pkg/ldap/servers/slapd/slapd.conf,v 1.23 2002/02/02 05:23:12 kurt Exp $
>#
># See slapd.conf(5) for details on configuration options.
># This file should NOT be world readable.
>#
>include         /usr/local/etc/openldap/schema/core.schema
>include         /usr/local/etc/openldap/schema/cosine.schema
>include         /usr/local/etc/openldap/schema/inetorgperson.schema
>include         /usr/local/etc/openldap/schema/openldap.schema
>include         /usr/local/etc/openldap/schema/nis.schema
>
># loglevel 96
>loglevel 992
>
># Define global ACLs to disable default read access.
>
># Do not enable referrals until AFTER you have a working directory
># service AND an understanding of referrals.
>#referral       ldap://root.openldap.org
>
>pidfile         /usr/local/var/slapd.pid
>argsfile        /usr/local/var/slapd.args
>
># Load dynamic backend modules:
># modulepath    /usr/local/libexec/openldap
># moduleload    back_ldap.la
># moduleload    back_ldbm.la
># moduleload    back_passwd.la
># moduleload    back_shell.la
>
>########################################################################
># SASL mapping
>########################################################################
>
>saslRegexp
>          uid=(.*),cn=brick.skills-1st.co.uk,cn=.*,cn=auth
>          ldap://localhost/dc=example,dc=org??sub?uid=$1
>
>########################################################################
># Access Control
>########################################################################
>#
># Sample access control policy:
>#       Allow read access of root DSE
>#       Allow self write access
>#       Allow authenticated users read access
>#       Allow anonymous users to authenticate
># Directives needed to implement policy:
>access to dn.base="" by * read
>access to *
>        by self write
>        by users read
>        by anonymous auth
>#
># if no access controls are present, the default policy is:
>#       Allow read by all
>#
># rootdn can always write!
>
>#######################################################################
># ldbm database definitions
>#######################################################################
>
>database        bdb
>suffix          "dc=example,dc=org"
>rootdn          "cn=DSAmgr,dc=example,dc=org"
>
># Cleartext passwords, especially for the rootdn, should
># be avoided.  See slappasswd(8) and slapd.conf(5) for details.
># Use of strong authentication encouraged.
>rootpw          secret
># The database directory MUST exist prior to running slapd AND 
># should only be accessible by the slapd/tools. Mode 700 recommended.
>directory       /usr/local/var/openldap-data
># Indices to maintain
>index   default         pres,eq,sub
>index   objectClass     eq
>index   cn
>index   sn
>index   uid
>
>-----------------------------------------------------------------------
>
>Log extract showing SLAPD startup, anon bind, and search for cn=*pathan*
>
>Startup:
>
>Jul 10 12:32:21 brick slapd[10490]: daemon: socket() failed errno=97 (Address family not supported by protocol) 
>Jul 10 12:32:21 brick slapd[10490]: bdb_open: Sleepycat Software: Berkeley DB 4.0.14: (November 18, 2001) 
>Jul 10 12:32:21 brick slapd[10490]: line 21 (pidfile ^I/usr/local/var/slapd.pid) 
>Jul 10 12:32:21 brick slapd[10490]: line 22 (argsfile /usr/local/var/slapd.args) 
>Jul 10 12:32:21 brick slapd[10490]: line 37 (saslRegexp          uid=(.*),cn=brick.skills-1st.co.uk,cn=.*,cn=auth          ldap://localhost/dc=example,dc=org??sub?uid=$1) 
>Jul 10 12:32:21 brick slapd[10490]: str2filter "uid=$1" 
>Jul 10 12:32:21 brick slapd[10490]: begin get_filter 
>Jul 10 12:32:21 brick slapd[10490]: EQUALITY 
>Jul 10 12:32:21 brick slapd[10490]: end get_filter 0 
>Jul 10 12:32:21 brick slapd[10490]: line 49 (access to dn.base="" by * read) 
>Jul 10 12:32:21 brick slapd[10490]: line 53 (access to * by self write by users read by anonymous auth) 
>Jul 10 12:32:21 brick slapd[10490]: line 64 (database bdb) 
>Jul 10 12:32:21 brick slapd[10490]: bdb_db_init: Initializing BDB database 
>Jul 10 12:32:21 brick slapd[10490]: line 65 (suffix ^I"dc=example,dc=org") 
>Jul 10 12:32:21 brick slapd[10490]: line 66 (rootdn ^I"cn=DSAmgr,dc=example,dc=org") 
>Jul 10 12:32:21 brick slapd[10490]: line 71 (rootpw ***) 
>Jul 10 12:32:21 brick slapd[10490]: line 74 (directory /usr/local/var/openldap-data) 
>Jul 10 12:32:21 brick slapd[10490]: line 76 (index default^I^Ipres,eq,sub) 
>Jul 10 12:32:21 brick slapd[10490]: line 77 (index objectClass^Ieq) 
>Jul 10 12:32:21 brick slapd[10490]: index objectClass 0x0004 
>Jul 10 12:32:21 brick slapd[10490]: line 78 (index cn) 
>Jul 10 12:32:21 brick slapd[10490]: index cn 0x0716 
>Jul 10 12:32:21 brick slapd[10490]: line 79 (index sn) 
>Jul 10 12:32:21 brick slapd[10490]: index sn 0x0716 
>Jul 10 12:32:21 brick slapd[10490]: line 80 (index uid) 
>Jul 10 12:32:21 brick slapd[10490]: index uid 0x0716 
>Jul 10 12:32:23 brick slapd[10492]: slapd starting 
>
>Anon bind:
>
>Jul 10 12:32:30 brick slapd[10495]: daemon: conn=0 fd=12 connection from IP=127.0.0.1:42800 (IP=0.0.0.0:389) accepted. 
>Jul 10 12:32:30 brick slapd[10498]: conn=0 op=0 BIND dn="" method=128 
>Jul 10 12:32:30 brick slapd[10498]: conn=0 op=0 RESULT tag=97 err=0 text= 
>
>Search:
>
>Jul 10 12:32:33 brick slapd[10498]: begin get_filter 
>Jul 10 12:32:33 brick slapd[10498]: SUBSTRINGS 
>Jul 10 12:32:33 brick slapd[10498]: begin get_substring_filter 
>Jul 10 12:32:33 brick slapd[10498]:   ANY 
>Jul 10 12:32:33 brick slapd[10498]: end get_substring_filter 
>Jul 10 12:32:33 brick slapd[10498]: end get_filter 0 
>Jul 10 12:32:33 brick slapd[10498]: conn=0 op=1 SRCH base="dc=example,dc=org" scope=2 filter="(cn=*pathan*)" 
>Jul 10 12:32:33 brick slapd[10498]: => bdb_filter_candidates 
>Jul 10 12:32:33 brick slapd[10498]: ^IAND 
>Jul 10 12:32:33 brick slapd[10498]: => bdb_list_candidates 0xa0 
>Jul 10 12:32:33 brick slapd[10498]: => bdb_filter_candidates 
>Jul 10 12:32:33 brick slapd[10498]: ^IDN SUBTREE 
>Jul 10 12:32:33 brick slapd[10498]: <= bdb_filter_candidates: id=-1 first=1 last=1003 
>Jul 10 12:32:33 brick slapd[10498]: => bdb_filter_candidates 
>Jul 10 12:32:33 brick slapd[10498]: ^ISUBSTRINGS 
>Jul 10 12:32:33 brick slapd[10498]: <= bdb_filter_candidates: id=1 first=1001 last=1001 
>Jul 10 12:32:33 brick slapd[10498]: <= bdb_list_candidates: undefined rc=0 
>Jul 10 12:32:33 brick slapd[10498]: <= bdb_filter_candidates: id=1 first=1001 last=1001 
>Jul 10 12:32:33 brick slapd[10498]: => test_filter 
>Jul 10 12:32:33 brick slapd[10498]:     SUBSTRINGS 
>Jul 10 12:32:33 brick slapd[10498]: begin test_substrings_filter 
>Jul 10 12:32:33 brick slapd[10498]: => access_allowed: search access to "cn=Andrew Pathan+uid=u000997,dc=example,dc=org" "cn" requested 
>Jul 10 12:32:33 brick slapd[10498]: => acl_get: [1] check attr cn 
>Jul 10 12:32:33 brick slapd[10498]: <= acl_get: [1] acl cn=Andrew Pathan+uid=u000997,dc=example,dc=org attr: cn 
>Jul 10 12:32:33 brick slapd[10498]: => acl_mask: access to entry "cn=Andrew Pathan+uid=u000997,dc=example,dc=org", attr "cn" requested 
>Jul 10 12:32:33 brick slapd[10498]: => acl_mask: to all values by "", (=n)  
>Jul 10 12:32:33 brick slapd[10498]: <= check a_dn_pat: * 
>Jul 10 12:32:33 brick slapd[10498]: <= acl_mask: [1] applying read(=rscx) (stop) 
>Jul 10 12:32:33 brick slapd[10498]: <= acl_mask: [1] mask: read(=rscx) 
>Jul 10 12:32:33 brick slapd[10498]: => access_allowed: search access granted by read(=rscx) 
>Jul 10 12:32:33 brick slapd[10498]: <= test_filter 6 
>Jul 10 12:32:33 brick slapd[10498]: => access_allowed: read access to "cn=Andrew Pathan+uid=u000997,dc=example,dc=org" "entry" requested 
>Jul 10 12:32:34 brick slapd[10498]: => acl_get: [1] check attr entry 
>Jul 10 12:32:34 brick slapd[10498]: <= acl_get: [1] acl cn=Andrew Pathan+uid=u000997,dc=example,dc=org attr: entry 
>Jul 10 12:32:34 brick slapd[10498]: => acl_mask: access to entry "cn=Andrew Pathan+uid=u000997,dc=example,dc=org", attr "entry" requested 
>Jul 10 12:32:34 brick slapd[10498]: => acl_mask: to all values by "", (=n)  
>Jul 10 12:32:34 brick slapd[10498]: <= check a_dn_pat: * 
>Jul 10 12:32:34 brick slapd[10498]: <= acl_mask: [1] applying read(=rscx) (stop) 
>Jul 10 12:32:34 brick slapd[10498]: <= acl_mask: [1] mask: read(=rscx) 
>Jul 10 12:32:34 brick slapd[10498]: => access_allowed: read access granted by read(=rscx) 
>Jul 10 12:32:34 brick slapd[10498]: => access_allowed: read access to "cn=Andrew Pathan+uid=u000997,dc=example,dc=org" "objectClass" requested 
>Jul 10 12:32:34 brick slapd[10498]: => acl_get: [1] check attr objectClass 
>Jul 10 12:32:34 brick slapd[10498]: <= acl_get: [1] acl cn=Andrew Pathan+uid=u000997,dc=example,dc=org attr: objectClass 
>Jul 10 12:32:34 brick slapd[10498]: => acl_mask: access to entry "cn=Andrew Pathan+uid=u000997,dc=example,dc=org", attr "objectClass" requested 
>Jul 10 12:32:34 brick slapd[10498]: => acl_mask: to all values by "", (=n)  
>Jul 10 12:32:34 brick slapd[10498]: <= check a_dn_pat: * 
>Jul 10 12:32:34 brick slapd[10498]: <= acl_mask: [1] applying read(=rscx) (stop) 
>Jul 10 12:32:34 brick slapd[10498]: <= acl_mask: [1] mask: read(=rscx) 
>Jul 10 12:32:34 brick slapd[10498]: => access_allowed: read access granted by read(=rscx) 
>Jul 10 12:32:34 brick slapd[10498]: => access_allowed: read access to "cn=Andrew Pathan+uid=u000997,dc=example,dc=org" "displayName" requested 
>Jul 10 12:32:34 brick slapd[10498]: => acl_get: [1] check attr displayName 
>Jul 10 12:32:34 brick slapd[10498]: <= acl_get: [1] acl cn=Andrew Pathan+uid=u000997,dc=example,dc=org attr: displayName 
>Jul 10 12:32:34 brick slapd[10498]: => acl_mask: access to entry "cn=Andrew Pathan+uid=u000997,dc=example,dc=org", attr "displayName" requested 
>Jul 10 12:32:34 brick slapd[10498]: => acl_mask: to all values by "", (=n)  
>Jul 10 12:32:34 brick slapd[10498]: <= check a_dn_pat: * 
>Jul 10 12:32:34 brick slapd[10498]: <= acl_mask: [1] applying read(=rscx) (stop) 
>Jul 10 12:32:34 brick slapd[10498]: <= acl_mask: [1] mask: read(=rscx) 
>Jul 10 12:32:34 brick slapd[10498]: => access_allowed: read access granted by read(=rscx) 
>Jul 10 12:32:34 brick slapd[10498]: => access_allowed: read access to "cn=Andrew Pathan+uid=u000997,dc=example,dc=org" "cn" requested 
>Jul 10 12:32:34 brick slapd[10498]: => acl_get: [1] check attr cn 
>Jul 10 12:32:34 brick slapd[10498]: <= acl_get: [1] acl cn=Andrew Pathan+uid=u000997,dc=example,dc=org attr: cn 
>Jul 10 12:32:34 brick slapd[10498]: => acl_mask: access to entry "cn=Andrew Pathan+uid=u000997,dc=example,dc=org", attr "cn" requested 
>Jul 10 12:32:34 brick slapd[10498]: => acl_mask: to all values by "", (=n)  
>Jul 10 12:32:34 brick slapd[10498]: <= check a_dn_pat: * 
>Jul 10 12:32:34 brick slapd[10498]: <= acl_mask: [1] applying read(=rscx) (stop) 
>Jul 10 12:32:34 brick slapd[10498]: <= acl_mask: [1] mask: read(=rscx) 
>Jul 10 12:32:34 brick slapd[10498]: => access_allowed: read access granted by read(=rscx) 
>Jul 10 12:32:34 brick slapd[10498]: => access_allowed: read access to "cn=Andrew Pathan+uid=u000997,dc=example,dc=org" "sn" requested 
>Jul 10 12:32:34 brick slapd[10498]: => acl_get: [1] check attr sn 
>Jul 10 12:32:34 brick slapd[10498]: <= acl_get: [1] acl cn=Andrew Pathan+uid=u000997,dc=example,dc=org attr: sn 
>Jul 10 12:32:34 brick slapd[10498]: => acl_mask: access to entry "cn=Andrew Pathan+uid=u000997,dc=example,dc=org", attr "sn" requested 
>Jul 10 12:32:34 brick slapd[10498]: => acl_mask: to all values by "", (=n)  
>Jul 10 12:32:34 brick slapd[10498]: <= check a_dn_pat: * 
>Jul 10 12:32:34 brick slapd[10498]: <= acl_mask: [1] applying read(=rscx) (stop) 
>Jul 10 12:32:34 brick slapd[10498]: <= acl_mask: [1] mask: read(=rscx) 
>Jul 10 12:32:34 brick slapd[10498]: => access_allowed: read access granted by read(=rscx) 
>Jul 10 12:32:34 brick slapd[10498]: => access_allowed: read access to "cn=Andrew Pathan+uid=u000997,dc=example,dc=org" "uid" requested 
>Jul 10 12:32:34 brick slapd[10498]: => acl_get: [1] check attr uid 
>Jul 10 12:32:34 brick slapd[10498]: <= acl_get: [1] acl cn=Andrew Pathan+uid=u000997,dc=example,dc=org attr: uid 
>Jul 10 12:32:34 brick slapd[10498]: => acl_mask: access to entry "cn=Andrew Pathan+uid=u000997,dc=example,dc=org", attr "uid" requested 
>Jul 10 12:32:34 brick slapd[10498]: => acl_mask: to all values by "", (=n)  
>Jul 10 12:32:34 brick slapd[10498]: <= check a_dn_pat: * 
>Jul 10 12:32:34 brick slapd[10498]: <= acl_mask: [1] applying read(=rscx) (stop) 
>Jul 10 12:32:34 brick slapd[10498]: <= acl_mask: [1] mask: read(=rscx) 
>Jul 10 12:32:34 brick slapd[10498]: => access_allowed: read access granted by read(=rscx) 
>Jul 10 12:32:34 brick slapd[10498]: => access_allowed: read access to "cn=Andrew Pathan+uid=u000997,dc=example,dc=org" "mail" requested 
>Jul 10 12:32:34 brick slapd[10498]: => acl_get: [1] check attr mail 
>Jul 10 12:32:34 brick slapd[10498]: <= acl_get: [1] acl cn=Andrew Pathan+uid=u000997,dc=example,dc=org attr: mail 
>Jul 10 12:32:34 brick slapd[10498]: => acl_mask: access to entry "cn=Andrew Pathan+uid=u000997,dc=example,dc=org", attr "mail" requested 
>Jul 10 12:32:34 brick slapd[10498]: => acl_mask: to all values by "", (=n)  
>Jul 10 12:32:34 brick slapd[10498]: <= check a_dn_pat: * 
>Jul 10 12:32:34 brick slapd[10498]: <= acl_mask: [1] applying read(=rscx) (stop) 
>Jul 10 12:32:34 brick slapd[10498]: <= acl_mask: [1] mask: read(=rscx) 
>Jul 10 12:32:34 brick slapd[10498]: => access_allowed: read access granted by read(=rscx) 
>Jul 10 12:32:34 brick slapd[10498]: => access_allowed: read access to "cn=Andrew Pathan+uid=u000997,dc=example,dc=org" "telephoneNumber" requested 
>Jul 10 12:32:34 brick slapd[10498]: => acl_get: [1] check attr telephoneNumber 
>Jul 10 12:32:34 brick slapd[10498]: <= acl_get: [1] acl cn=Andrew Pathan+uid=u000997,dc=example,dc=org attr: telephoneNumber 
>Jul 10 12:32:34 brick slapd[10498]: => acl_mask: access to entry "cn=Andrew Pathan+uid=u000997,dc=example,dc=org", attr "telephoneNumber" requested 
>Jul 10 12:32:34 brick slapd[10498]: => acl_mask: to all values by "", (=n)  
>Jul 10 12:32:34 brick slapd[10498]: <= check a_dn_pat: * 
>Jul 10 12:32:34 brick slapd[10498]: <= acl_mask: [1] applying read(=rscx) (stop) 
>Jul 10 12:32:34 brick slapd[10498]: <= acl_mask: [1] mask: read(=rscx) 
>Jul 10 12:32:34 brick slapd[10498]: => access_allowed: read access granted by read(=rscx) 
>Jul 10 12:32:34 brick slapd[10498]: conn=0 op=1 ENTRY dn="cn=Andrew Pathan+uid=u000997,dc=example,dc=org" 
>Jul 10 12:32:34 brick slapd[10498]: conn=0 op=1 SEARCH RESULT tag=101 err=0 nentries=1 text= 
>Jul 10 12:32:40 brick slapd[10498]: conn=0 op=2 UNBIND 
>Jul 10 12:32:40 brick slapd[10498]: conn=0 fd=12 closed 
>Jul 10 12:32:52 brick slapd[10495]: daemon: conn=1 fd=12 connection from IP=127.0.0.1:42801 (IP=0.0.0.0:389) accepted. 
>Jul 10 12:32:52 brick slapd[10498]: conn=1 op=0 BIND dn="" method=128 
>Jul 10 12:32:52 brick slapd[10498]: conn=1 op=0 RESULT tag=97 err=0 text= 
>Jul 10 12:32:52 brick slapd[10498]: begin get_filter 
>Jul 10 12:32:52 brick slapd[10498]: PRESENT 
>Jul 10 12:32:52 brick slapd[10498]: end get_filter 0 
>Jul 10 12:32:52 brick slapd[10498]: conn=1 op=1 SRCH base="" scope=0 filter="(objectClass=*)" 
>Jul 10 12:32:52 brick slapd[10498]: => test_filter 
>Jul 10 12:32:52 brick slapd[10498]:     PRESENT 
>Jul 10 12:32:52 brick slapd[10498]: => access_allowed: search access to "" "objectClass" requested 
>Jul 10 12:32:52 brick slapd[10498]: => acl_get: [1] check attr objectClass 
>Jul 10 12:32:52 brick slapd[10498]: <= acl_get: [1] acl  attr: objectClass 
>Jul 10 12:32:52 brick slapd[10498]: => acl_mask: access to entry "", attr "objectClass" requested 
>Jul 10 12:32:52 brick slapd[10498]: => acl_mask: to all values by "", (=n)  
>Jul 10 12:32:52 brick slapd[10498]: <= check a_dn_pat: * 
>Jul 10 12:32:52 brick slapd[10498]: <= acl_mask: [1] applying read(=rscx) (stop) 
>Jul 10 12:32:52 brick slapd[10498]: <= acl_mask: [1] mask: read(=rscx) 
>Jul 10 12:32:52 brick slapd[10498]: => access_allowed: search access granted by read(=rscx) 
>Jul 10 12:32:52 brick slapd[10498]: <= test_filter 6 
>Jul 10 12:32:52 brick slapd[10498]: => access_allowed: read access to "" "entry" requested 
>Jul 10 12:32:52 brick slapd[10498]: => acl_get: [1] check attr entry 
>Jul 10 12:32:52 brick slapd[10498]: <= acl_get: [1] acl  attr: entry 
>Jul 10 12:32:52 brick slapd[10498]: => acl_mask: access to entry "", attr "entry" requested 
>Jul 10 12:32:52 brick slapd[10498]: => acl_mask: to all values by "", (=n)  
>Jul 10 12:32:52 brick slapd[10498]: <= check a_dn_pat: * 
>Jul 10 12:32:52 brick slapd[10498]: <= acl_mask: [1] applying read(=rscx) (stop) 
>Jul 10 12:32:52 brick slapd[10498]: <= acl_mask: [1] mask: read(=rscx) 
>Jul 10 12:32:52 brick slapd[10498]: => access_allowed: read access granted by read(=rscx) 
>Jul 10 12:32:52 brick slapd[10498]: => access_allowed: read access to "" "namingContexts" requested 
>Jul 10 12:32:52 brick slapd[10498]: => acl_get: [1] check attr namingContexts 
>Jul 10 12:32:52 brick slapd[10498]: <= acl_get: [1] acl  attr: namingContexts 
>Jul 10 12:32:52 brick slapd[10498]: => acl_mask: access to entry "", attr "namingContexts" requested 
>Jul 10 12:32:52 brick slapd[10498]: => acl_mask: to all values by "", (=n)  
>Jul 10 12:32:52 brick slapd[10498]: <= check a_dn_pat: * 
>Jul 10 12:32:52 brick slapd[10498]: <= acl_mask: [1] applying read(=rscx) (stop) 
>Jul 10 12:32:52 brick slapd[10498]: <= acl_mask: [1] mask: read(=rscx) 
>Jul 10 12:32:52 brick slapd[10498]: => access_allowed: read access granted by read(=rscx) 
>Jul 10 12:32:52 brick slapd[10498]: conn=1 op=1 ENTRY dn="" 
>Jul 10 12:32:52 brick slapd[10498]: conn=1 op=1 RESULT tag=101 err=0 text= 
>Jul 10 12:32:52 brick slapd[10501]: conn=1 op=2 UNBIND 
>Jul 10 12:32:52 brick slapd[10501]: conn=1 fd=12 closed 
>-----------------------------------------------------------------------
>
>Result of ldapsearch command:
>
>#
># LDAPv3
># filter: cn=*pathan*
># requesting: ALL
>#
>
># Andrew Pathan + u000997, example.org
>dn: cn=Andrew Pathan+uid=u000997,dc=example,dc=org
>objectClass: inetOrgPerson
>objectClass: person
>displayName: Andrew Pathan
>cn: Andrew Pathan
>sn: Pathan
>uid: u000997
>mail: u000997@example.org
>telephoneNumber: +44 1234 567997
>
># search result
>search: 2
>result: 0 Success
>
># numResponses: 2
># numEntries: 1
>-----------------------------------------------------------------------
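
An added example, not part of the original thread: a small audit script that reads slapd ACL debug output in the format of the log extract above and reports every grant where the binder is anonymous (`""`), the target entry is not the root DSE, and the mask carries more than auth. The first two request groups in `SAMPLE_LOG` are copied from the extract; the third is constructed, and the bound DN in it is hypothetical.

```python
import re

# Lines 1-2 of each group identify the request; the rest show the ACL decision.
SAMPLE_LOG = '''\
Jul 10 12:32:33 brick slapd[10498]: => access_allowed: search access to "cn=Andrew Pathan+uid=u000997,dc=example,dc=org" "cn" requested
Jul 10 12:32:33 brick slapd[10498]: => acl_get: [1] check attr cn
Jul 10 12:32:33 brick slapd[10498]: => acl_mask: access to entry "cn=Andrew Pathan+uid=u000997,dc=example,dc=org", attr "cn" requested
Jul 10 12:32:33 brick slapd[10498]: => acl_mask: to all values by "", (=n)
Jul 10 12:32:33 brick slapd[10498]: <= acl_mask: [1] applying read(=rscx) (stop)
Jul 10 12:32:33 brick slapd[10498]: => access_allowed: search access granted by read(=rscx)
Jul 10 12:32:52 brick slapd[10498]: => access_allowed: read access to "" "entry" requested
Jul 10 12:32:52 brick slapd[10498]: => acl_mask: to all values by "", (=n)
Jul 10 12:32:52 brick slapd[10498]: <= acl_mask: [1] applying read(=rscx) (stop)
Jul 10 12:32:52 brick slapd[10498]: => access_allowed: read access granted by read(=rscx)
Jul 10 12:40:00 brick slapd[10498]: => access_allowed: read access to "cn=Andrew Pathan+uid=u000997,dc=example,dc=org" "mail" requested
Jul 10 12:40:00 brick slapd[10498]: => acl_mask: to all values by "cn=Test User+uid=u000001,dc=example,dc=org", (=n)
Jul 10 12:40:00 brick slapd[10498]: <= acl_mask: [2] applying read(=rscx) (stop)
Jul 10 12:40:00 brick slapd[10498]: => access_allowed: read access granted by read(=rscx)
'''

REQ = re.compile(r'=> access_allowed: (\w+) access to "([^"]*)" "([^"]*)" requested')
WHO = re.compile(r'=> acl_mask: to all values by "([^"]*)"')
RULE = re.compile(r'<= acl_mask: \[(\d+)\] applying \w+\(=(\w*)\)')
DONE = re.compile(r'=> access_allowed: \w+ access granted by \w+\(=(\w*)\)')


def parse_grants(log_text):
    """Return one record per granted access check found in the log."""
    grants, cur = [], None
    for line in log_text.splitlines():
        if m := REQ.search(line):
            # A new access check starts; remember what was asked for.
            cur = {"level": m[1], "entry": m[2], "attr": m[3],
                   "binder": None, "rule": None}
        elif cur is None:
            continue
        elif m := WHO.search(line):
            cur["binder"] = m[1]          # "" means an anonymous bind
        elif m := RULE.search(line):
            cur["rule"] = int(m[1])       # index of the ACL that was applied
        elif m := DONE.search(line):
            cur["privs"] = m[1]           # privilege letters, e.g. "rscx"
            grants.append(cur)
            cur = None
    return grants


def anonymous_leaks(grants):
    """Grants to an anonymous binder on a non-root-DSE entry beyond auth (x)."""
    return [g for g in grants
            if g["binder"] == "" and g["entry"] != ""
            and set(g["privs"]) & set("rscw")]


if __name__ == "__main__":
    for g in anonymous_leaks(parse_grants(SAMPLE_LOG)):
        print(f'ACL [{g["rule"]}] gave anonymous {g["level"]} on '
              f'{g["entry"]} attr {g["attr"]} (={g["privs"]})')
```

Run against a log captured with ACL debugging enabled, any output for a configuration that follows the sample policy means a rule meant for the root DSE is matching other entries.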