[Date Prev][Date Next]
[Chronological]
[Thread]
[Top]
Access with filters fails to honor some valid filters (ITS#2495)
Full_Name: Quanah Gibson-Mount
Version: 2.1.18
OS: Solaris 8
URL: ftp://ftp.openldap.org/incoming/
Submission from: (NULL) (171.64.19.82)
I have added the following ACL to my slapd.acl file:
access to dn.children="cn=people,dc=stanford,dc=edu"
filter=("suprivilegegroup=stanford:*") attr=uid,suprivilegegroup
by dn.base="uid=cadabra,cn=accounts,dc=stanford,dc=edu"
by * break
I know that the filter "suprivilegegroup=stanford:*" is a valid filter since I
can execute this from the command line without problem (note I've tried this
both with and without the ""'s).
However, when I access the server as cadabra:
BIND dn="uid=cadabra,cn=accounts,dc=stanford,dc=edu" mech=GSSAPI (etc)
I see this from debug 5 in slapd:
bdb_cache_find_entry_id ( 182342 ) "SuRegID=8696e59cf61311d2a<etc>,
cn=People,dc=stanford,dc=edu" (found) (1 tries)
bdb_search: 182342 does not match filter
bdb_cache_return_entry_r ( 182342 ): returned 0
This is obviously incorrect... That entry does indeed match my filter:
ldapsearch uid=cadabra suprivilegegroup
returns
suPrivilegeGroup: stanford:administrative
--Quanah