[Date Prev][Date Next] [Chronological] [Thread] [Top]

Access with filters fails to honor some valid filters (ITS#2495)

To: openldap-its@OpenLDAP.org
Subject: Access with filters fails to honor some valid filters (ITS#2495)
From: quanah@stanford.edu
Date: Wed, 7 May 2003 17:06:28 GMT

Full_Name: Quanah Gibson-Mount
Version: 2.1.18
OS: Solaris 8
URL: ftp://ftp.openldap.org/incoming/
Submission from: (NULL) (171.64.19.82)


I have added the following ACL to my slapd.acl file:

access to dn.children="cn=people,dc=stanford,dc=edu"
filter=("suprivilegegroup=stanford:*") attr=uid,suprivilegegroup
by dn.base="uid=cadabra,cn=accounts,dc=stanford,dc=edu"
by * break

I know that the filter "suprivilegegroup=stanford:*" is a valid filter since I
can execute this from the command line without problem (note I've tried this
both with and without the ""'s).

However, when I access the server as cadabra:

BIND dn="uid=cadabra,cn=accounts,dc=stanford,dc=edu" mech=GSSAPI (etc)

I see this from debug 5 in slapd:

bdb_cache_find_entry_id ( 182342 ) "SuRegID=8696e59cf61311d2a<etc>,
cn=People,dc=stanford,dc=edu" (found) (1 tries)
bdb_search: 182342 does not match filter
bdb_cache_return_entry_r ( 182342 ): returned 0

This is obviously incorrect... That entry does indeed match my filter:

ldapsearch uid=cadabra suprivilegegroup
returns
suPrivilegeGroup: stanford:administrative

--Quanah

Prev by Date: test016-subref - failed - Tru64 5.1 (ITS#2494)
Next by Date: The indexing patch for large number of indexes didn't make it into 2.1.18 (ITS#2496)
Index(es):
- Chronological
- Thread