
Re: (ITS#4599) Internal search results to access denied



As you are merely asking a software use question, this
issue report will be closed without developer action.
Please direct such questions to the OpenLDAP-software
mailing list.

Kurt

At 03:53 AM 6/27/2006, john_smyth@mail.ru wrote:
>Full_Name: John
>Version: 2.3.24
>OS: Linux 2.6.17
>URL: ftp://ftp.openldap.org/incoming/
>Submission from: (NULL) (195.177.120.251)
>
>
>Hi!
>Excuse me for my English.
>
>Must an internal search pass the ACL check?
>
>
>content of slapd.conf
>...
>loglevel 424
>authz-regexp
>    uid=(.*),cn=gssapi,cn=auth
>    ldap:///ou=people,dc=example,dc=org??sub?(uid=$1)
>...
>
>
>Appropriate logs
>...
>Jun 27 13:50:45 main slapd[1752]: conn=3 op=3 BIND dn="" method=163 
>Jun 27 13:50:45 main slapd[1752]: str2filter "(uid=user1)" 
>Jun 27 13:50:45 main slapd[1752]: begin get_filter 
>...
>Jun 27 13:50:45 main slapd[1752]: => access_allowed: auth access to
>"uid=user1,ou=stuff,ou=mail,ou=people,dc=example,dc=org" "uid" requested 
>...
>Jun 27 13:50:45 main slapd[1752]: => access_allowed: auth access denied by
>none(=0) 
>...
>Jun 27 13:50:45 main slapd[1752]: conn=3 op=3 BIND authcid="user1"
>authzid="user1" 
>Jun 27 13:50:45 main slapd[1752]: conn=3 op=3 BIND
>dn="uid=user1,cn=gssapi,cn=auth" mech=GSSAPI ssf=56 
>Jun 27 13:50:45 main slapd[1752]: conn=3 op=3 RESULT tag=97 err=0 text= 
>...
>
>
>i.e. mapping "uid=user1,cn=gssapi,cn=auth" to
>"uid=user1,ou=stuff,ou=mail,ou=people,dc=example,dc=org" by authz-regexp does
>not work.
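
Added example, not part of the original messages and not OpenLDAP code: a Python log check for the pattern in the excerpt above, a SASL bind (`method=163`) during which an `access_allowed` denial is logged and whose final bind DN is still under `cn=auth`. The sample log is constructed from the report's excerpt with wrapped lines rejoined; all function and pattern names are illustrative.

```python
import re

# Constructed sample: the report's log excerpt, wrapped lines rejoined, "..." gaps dropped.
SAMPLE = '''\
Jun 27 13:50:45 main slapd[1752]: conn=3 op=3 BIND dn="" method=163
Jun 27 13:50:45 main slapd[1752]: str2filter "(uid=user1)"
Jun 27 13:50:45 main slapd[1752]: => access_allowed: auth access to "uid=user1,ou=stuff,ou=mail,ou=people,dc=example,dc=org" "uid" requested
Jun 27 13:50:45 main slapd[1752]: => access_allowed: auth access denied by none(=0)
Jun 27 13:50:45 main slapd[1752]: conn=3 op=3 BIND authcid="user1" authzid="user1"
Jun 27 13:50:45 main slapd[1752]: conn=3 op=3 BIND dn="uid=user1,cn=gssapi,cn=auth" mech=GSSAPI ssf=56
Jun 27 13:50:45 main slapd[1752]: conn=3 op=3 RESULT tag=97 err=0 text=
'''

LINE = re.compile(r'slapd\[(\d+)\]: (.*)$')
BIND_START = re.compile(r'(conn=\d+ op=\d+) BIND dn="" method=163')  # 163 = SASL bind
REQUEST = re.compile(r'access_allowed: (\w+) access to "([^"]*)" "([^"]*)" requested')
DENIED = re.compile(r'access_allowed: (\w+) access denied')
BIND_DONE = re.compile(r'(conn=\d+ op=\d+) BIND dn="([^"]*)" mech=(\S+)')

def unmapped_sasl_binds(log_text):
    """Findings for SASL binds whose DN stayed under cn=auth after an ACL denial.

    The ACL debug lines carry no conn= id, so they are attributed by slapd pid
    and ordering only; on a busy server treat findings as leads to confirm.
    """
    findings, state = [], {}  # state: pid -> {"req": pending request, "denied": [...]}
    for raw in log_text.splitlines():
        m = LINE.search(raw)
        if not m:
            continue
        pid, msg = m.groups()
        if BIND_START.search(msg):
            state[pid] = {"req": None, "denied": []}
        elif pid in state:
            ctx = state[pid]
            if (r := REQUEST.search(msg)):
                ctx["req"] = r.groups()        # (access level, entry DN, attribute)
            elif DENIED.search(msg) and ctx["req"]:
                ctx["denied"].append(ctx["req"])
                ctx["req"] = None
            elif (d := BIND_DONE.search(msg)):
                op, dn, mech = d.groups()
                if dn.lower().endswith("cn=auth") and ctx["denied"]:
                    findings.append({"op": op, "mech": mech, "bind_dn": dn,
                                     "denied": ctx["denied"]})
                del state[pid]
    return findings

if __name__ == "__main__":
    for f in unmapped_sasl_binds(SAMPLE):
        print(f)
```
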