[Date Prev][Date Next] [Chronological] [Thread] [Top]
Number of ssl connections

To: <openldap-software@OpenLDAP.org>
Subject: Number of ssl connections
From: "Raghu Babu" <rmovva@waterford.org>
Date: Wed, 7 Mar 2001 13:06:21 +0530
References: <200203070228.g272SAju033476@mippet.ci.com.au>
Hi all,
    Can anyone tell me how many ssl connections can be possible with open
ldap server.
I have heard somewhere that openldap crawls and works very slowly after 2
ssl connections.
Is that true?.  Please suggest

with regards
M.Raghu Babu
Sr.Software Engineer
Waterford Institute

----- Original Message -----
From: Christine Robertson <chris@coreng.com.au>
To: <openldap-software@OpenLDAP.org>
Sent: Thursday, March 07, 2002 7:58 AM
Subject: ACL userPassword Problem Re-Visited


> Hi All,
>
> This is a long post; sorry, but I need to show the traces.
> I have now worked out why, although apparently binding
> successfully as the record DN, I could not see the
> userPassword attribute of my posixAccount record.
> Incidentally, this is OpenLDAP 2.0.22 on FreeBSD 4.5.
>
> The problem lies with our setup.  We have 7 directories,
> 6 with suffixes of the form dc=au,dc=cordoors,dc=com,
> and a master directory of dc=cordoors,dc=com which
> contains references to the other 6 directories,
> thus enabling us to look up records with the generic
> base of "dc=cordoors,dc=com."
>
> Here is our slapd.conf:
>
> # $OpenLDAP: pkg/ldap/servers/slapd/slapd.conf,v 1.8.8.4 2000/08/26
17:06:18 kurt Exp $
> #
> include /usr/local/etc/openldap/schema/core.schema
> include /usr/local/etc/openldap/schema/cosine.schema
> include /usr/local/etc/openldap/schema/inetorgperson.schema
> include /usr/local/etc/openldap/schema/nis.schema
> include /usr/local/etc/openldap/schema/ci.schema
>
> # Define global ACLs to disable default read access.
>
> access to attrs=userPassword
> by self write
> by dn="uid=.*,ou=CIAdmin,dc=..,dc=cordoors,dc=com" write
> by anonymous auth
> by * none
> access to attrs=entry
> by self write
> by dn="uid=.*,ou=CIAdmin,dc=..,dc=cordoors,dc=com" write
> by * read
> access to "dn=uid=.*,ou=CIAdmin,dc=..,dc=cordoors,dc=com"
> by self write
> by * read
> access to "dn=uid=.*,dc=..,dc=cordoors,dc=com"
> by self write
> by dn="uid=.*,ou=CIAdmin,dc=..,dc=cordoors,dc=com" write
> by * read
> access to *
> by dn="uid=.*,ou=CIAdmin,dc=..,dc=cordoors,dc=com" write
> by * read
>
> # Do not enable referrals until AFTER you have a working directory
> # service AND an understanding of referrals.
> #referral        ldap://root.openldap.org:389
>
> pidfile /var/run/slapd.pid
> argsfile /var/run/slapd.args
>
> #loglevel 140
>
> sizelimit 1000
>
> defaultsearchbase dc=cordoors,dc=com
>
> # Load dynamic backend modules:
>   modulepath /usr/local/libexec/openldap
> # moduleload back_ldap.la
>   moduleload back_ldbm.la
> # moduleload back_passwd.la
> # moduleload back_shell.la
>
> #######################################################################
> # ldbm database definitions
> # The database directories MUST exist prior to running slapd AND
> # should only be accessible by the slapd/tools. Mode 700 recommended.
> #######################################################################
>
> password-hash {MD5}
>
> #######################################################################
> # DO NOT CHANGE BELOW THIS NOTICE.  The rest of this configuration
> # is generated automatically and changes will be lost.
> #######################################################################
>
> include /usr/local/etc/openldap/schema/sendmail.schema
>
> database ldbm
> suffix "dc=au,dc=cordoors,dc=com"
> rootdn "cn=zzzzz,dc=cordoors,dc=com"
> rootpw {MD5}aaaaaaaaaaaaaaa
>
> directory /usr/openldap-ldbm/au
>
> cachesize 5000
> dbcachesize 500000
>
> index gecos,employeeNumber,uid,uidNumber,sn,cn,ciApp,ciHost eq
> index objectClass eq
>
> replogfile /usr/local/etc/openldap/replog/log
> replica host=slavehost.ci.com.au:389
> binddn="cn=xxxxx,dc=au,dc=cordoors,dc=com"
> bindmethod=simple credentials=yyyyy
>
> ##################################################
>
> database ldbm
> suffix "dc=my,dc=cordoors,dc=com"
> rootdn "cn=zzzzz,dc=cordoors,dc=com"
> rootpw {MD5}aaaaaaaaaaaaaaa
>
> directory /usr/openldap-ldbm/my
>
> cachesize 5000
> dbcachesize 500000
>
> index gecos,employeeNumber,uid,uidNumber,sn,cn,ciApp,ciHost eq
> index objectClass eq
>
> replogfile /usr/local/etc/openldap/replog/log
> replica host=slavehost.ci.com.au:389
> binddn="cn=xxxxx,dc=my,dc=cordoors,dc=com"
> bindmethod=simple credentials=yyyyy
>
> ##################################################
>
> database ldbm
> suffix "dc=id,dc=cordoors,dc=com"
> rootdn "cn=zzzzz,dc=cordoors,dc=com"
> rootpw {MD5}aaaaaaaaaaaaaaa
>
> directory /usr/openldap-ldbm/id
>
> cachesize 5000
> dbcachesize 500000
>
> index gecos,employeeNumber,uid,uidNumber,sn,cn,ciApp,ciHost eq
> index objectClass eq
>
> replogfile /usr/local/etc/openldap/replog/log
> replica host=slavehost.ci.com.au:389
> binddn="cn=xxxxx,dc=id,dc=cordoors,dc=com"
> bindmethod=simple credentials=yyyyy
>
> ##################################################
>
> database ldbm
> suffix "dc=sg,dc=cordoors,dc=com"
> rootdn "cn=zzzzz,dc=cordoors,dc=com"
> rootpw {MD5}aaaaaaaaaaaaaaa
>
> directory /usr/openldap-ldbm/sg
>
> cachesize 5000
> dbcachesize 500000
>
> index gecos,employeeNumber,uid,uidNumber,sn,cn,ciApp,ciHost eq
> index objectClass eq
>
> replogfile /usr/local/etc/openldap/replog/log
> replica host=slavehost.ci.com.au:389
> binddn="cn=xxxxx,dc=sg,dc=cordoors,dc=com"
> bindmethod=simple credentials=yyyyy
>
> ##################################################
>
> database ldbm
> suffix "dc=th,dc=cordoors,dc=com"
> rootdn "cn=zzzzz,dc=cordoors,dc=com"
> rootpw {MD5}aaaaaaaaaaaaaaa
>
> directory /usr/openldap-ldbm/th
>
> cachesize 5000
> dbcachesize 500000
>
> index gecos,employeeNumber,uid,uidNumber,sn,cn,ciApp,ciHost eq
> index objectClass eq
>
> replogfile /usr/local/etc/openldap/replog/log
> replica host=slavehost.ci.com.au:389
> binddn="cn=xxxxx,dc=th,dc=cordoors,dc=com"
> bindmethod=simple credentials=yyyyy
>
> ##################################################
> database ldbm
> suffix "dc=us,dc=cordoors,dc=com"
> rootdn "cn=zzzzz,dc=cordoors,dc=com"
> rootpw {MD5}aaaaaaaaaaaaaaa
>
> directory /usr/openldap-ldbm/us
>
> cachesize 5000
> dbcachesize 500000
>
> index gecos,employeeNumber,uid,uidNumber,sn,cn,ciApp,ciHost eq
> index objectClass eq
>
> replogfile /usr/local/etc/openldap/replog/log
> replica host=slavehost.ci.com.au:389
> binddn="cn=xxxxx,dc=us,dc=cordoors,dc=com"
> bindmethod=simple credentials=yyyyy
>
> ##################################################
>
> database ldbm
> suffix "dc=cordoors,dc=com"
> rootdn "cn=zzzzz,dc=cordoors,dc=com"
> rootpw {MD5}aaaaaaaaaaaaaaa
>
> directory /usr/openldap-ldbm/master
>
> cachesize 5000
> dbcachesize 500000
>
> index objectClass,dc,ciHost eq
>
> ##################################################
>
> Now, if I (apparently successfully) bind as my posixAccount
> user, and ask to see my password, interesting things happen.
>
> The query
> ldapsearch -x -C -LLL -w mypassword -D uid=chris,dc=au,dc=cordoors,dc=com
\
>     '(&(objectclass=posixaccount)(uid=chris))' userPassword
>
> returns only the dn, no userPassword.  But if I specify the
> search base, all is well and I can see the password attribute:
>
> ldapsearch -x -C -LLL -w mypassword -D uid=chris,dc=au,dc=cordoors,dc=com
\
>     -b dc=au,dc=cordoors,dc=com '(&(objectclass=posixaccount)(uid=chris))'
userPassword
>
> Running slapd -d 128, I get thfollowing trace when things work:
>
> ---------------------------------------------------------------
> Global ACL: access to attrs=userPassword
> by self write (=wrscx)
> by dn.regex=uid=.*,ou=CIAdmin,dc=..,dc=cordoors,dc=com write (=wrscx)
> by anonymous auth (=x)
> by * none (=n)
>
> Global ACL: access to attrs=entry
> by self write (=wrscx)
> by dn.regex=uid=.*,ou=CIAdmin,dc=..,dc=cordoors,dc=com write (=wrscx)
> by * read (=rscx)
>
> Global ACL: access to dn.regex=uid=.*,ou=CIAdmin,dc=..,dc=cordoors,dc=com
> by self write (=wrscx)
> by * read (=rscx)
>
> Global ACL: access to
dn.regex=employeeNumber=.*,ou=.*,ou=.*,dc=..,dc=cordoors,dc=com
> by dn.regex=uid=.*,ou=CIAdmin,dc=..,dc=cordoors,dc=com write (=wrscx)
> by * read (=rscx)
>
> Global ACL: access to *
> by dn.regex=uid=.*,ou=CIAdmin,dc=..,dc=cordoors,dc=com write (=wrscx)
> by * read (=rscx)
>
> slapd starting
> => access_allowed: auth access to "uid=chris,dc=au,dc=cordoors,dc=com"
"userPassword" requested
> => acl_get: [1] check attr userPassword
> <= acl_get: [1] acl uid=chris,dc=au,dc=cordoors,dc=com attr: userPassword
> => acl_mask: access to entry "uid=chris,dc=au,dc=cordoors,dc=com", attr
"userPassword" requested
> => acl_mask: to all values by "", (=n)
> <= check a_dn_pat: self
> <= check a_dn_pat: uid=.*,ou=CIAdmin,dc=..,dc=cordoors,dc=com
> <= check a_dn_pat: anonymous
> <= acl_mask: [3] applying auth (=x) (stop)
> <= acl_mask: [3] mask: auth (=x)
> => access_allowed: auth access granted by auth (=x)
> ber_flush: 14 bytes to sd 13
> => access_allowed: search access to "uid=chris,dc=au,dc=cordoors,dc=com"
"objectClass" requested
> => acl_get: [1] check attr objectClass
> => acl_get: [2] check attr objectClass
> => dnpat: [3] uid=.*,ou=CIAdmin,dc=..,dc=cordoors,dc=com nsub: 0
> => dnpat: [4] employeeNumber=.*,ou=.*,ou=.*,dc=..,dc=cordoors,dc=com nsub:
0
> => dnpat: [5] ciHost=[a-z][a-z]*,dc=cordoors,dc=com nsub: 0
> => acl_get: [6] check attr objectClass
> <= acl_get: [6] acl uid=chris,dc=au,dc=cordoors,dc=com attr: objectClass
> => acl_mask: access to entry "uid=chris,dc=au,dc=cordoors,dc=com", attr
"objectClass" requested
> => acl_mask: to value by "UID=CHRIS,DC=AU,DC=CORDOORS,DC=COM", (=n)
> <= check a_dn_pat: uid=.*,ou=CIAdmin,dc=..,dc=cordoors,dc=com
> <= check a_dn_pat: *
> <= acl_mask: [2] applying read (=rscx) (stop)
> <= acl_mask: [2] mask: read (=rscx)
> => access_allowed: search access granted by read (=rscx)
> => access_allowed: search access to "uid=chris,dc=au,dc=cordoors,dc=com"
"uid" requested
> => acl_get: [1] check attr uid
> => acl_get: [2] check attr uid
> => dnpat: [3] uid=.*,ou=CIAdmin,dc=..,dc=cordoors,dc=com nsub: 0
> => dnpat: [4] employeeNumber=.*,ou=.*,ou=.*,dc=..,dc=cordoors,dc=com nsub:
0
> => dnpat: [5] ciHost=[a-z][a-z]*,dc=cordoors,dc=com nsub: 0
> => acl_get: [6] check attr uid
> <= acl_get: [6] acl uid=chris,dc=au,dc=cordoors,dc=com attr: uid
> => acl_mask: access to entry "uid=chris,dc=au,dc=cordoors,dc=com", attr
"uid" requested
> => acl_mask: to value by "UID=CHRIS,DC=AU,DC=CORDOORS,DC=COM", (=n)
> <= check a_dn_pat: uid=.*,ou=CIAdmin,dc=..,dc=cordoors,dc=com
> <= check a_dn_pat: *
> <= acl_mask: [2] applying read (=rscx) (stop)
> <= acl_mask: [2] mask: read (=rscx)
> => access_allowed: search access granted by read (=rscx)
> => access_allowed: read access to "uid=chris,dc=au,dc=cordoors,dc=com"
"entry" requested
> => acl_get: [1] check attr entry
> => acl_get: [2] check attr entry
> <= acl_get: [2] acl uid=chris,dc=au,dc=cordoors,dc=com attr: entry
> => acl_mask: access to entry "uid=chris,dc=au,dc=cordoors,dc=com", attr
"entry" requested
> => acl_mask: to all values by "UID=CHRIS,DC=AU,DC=CORDOORS,DC=COM", (=n)
> <= check a_dn_pat: self
> <= acl_mask: [1] applying write (=wrscx) (stop)
> <= acl_mask: [1] mask: write (=wrscx)
> => access_allowed: read access granted by write (=wrscx)
> => access_allowed: read access to "uid=chris,dc=au,dc=cordoors,dc=com"
"objectClass" requested
> => acl_get: [1] check attr objectClass
> => acl_get: [2] check attr objectClass
> => dnpat: [3] uid=.*,ou=CIAdmin,dc=..,dc=cordoors,dc=com nsub: 0
> => dnpat: [4] employeeNumber=.*,ou=.*,ou=.*,dc=..,dc=cordoors,dc=com nsub:
0
> => dnpat: [5] ciHost=[a-z][a-z]*,dc=cordoors,dc=com nsub: 0
> => acl_get: [6] check attr objectClass
> <= acl_get: [6] acl uid=chris,dc=au,dc=cordoors,dc=com attr: objectClass
> => acl_mask: access to entry "uid=chris,dc=au,dc=cordoors,dc=com", attr
"objectClass" requested
> => acl_mask: to all values by "UID=CHRIS,DC=AU,DC=CORDOORS,DC=COM", (=n)
> <= check a_dn_pat: uid=.*,ou=CIAdmin,dc=..,dc=cordoors,dc=com
> <= check a_dn_pat: *
> <= acl_mask: [2] applying read (=rscx) (stop)
> <= acl_mask: [2] mask: read (=rscx)
> => access_allowed: read access granted by read (=rscx)
> => access_allowed: read access to "uid=chris,dc=au,dc=cordoors,dc=com"
"objectClass" requested
> => acl_get: [1] check attr objectClass
> => acl_get: [2] check attr objectClass
> => dnpat: [3] uid=.*,ou=CIAdmin,dc=..,dc=cordoors,dc=com nsub: 0
> => dnpat: [4] employeeNumber=.*,ou=.*,ou=.*,dc=..,dc=cordoors,dc=com nsub:
0
> => dnpat: [5] ciHost=[a-z][a-z]*,dc=cordoors,dc=com nsub: 0
> => acl_get: [6] check attr objectClass
> <= acl_get: [6] acl uid=chris,dc=au,dc=cordoors,dc=com attr: objectClass
> => acl_mask: access to entry "uid=chris,dc=au,dc=cordoors,dc=com", attr
"objectClass" requested
> => acl_mask: to value by "UID=CHRIS,DC=AU,DC=CORDOORS,DC=COM", (=n)
> <= check a_dn_pat: uid=.*,ou=CIAdmin,dc=..,dc=cordoors,dc=com
> <= check a_dn_pat: *
> <= acl_mask: [2] applying read (=rscx) (stop)
> <= acl_mask: [2] mask: read (=rscx)
> => access_allowed: read access granted by read (=rscx)
> => access_allowed: read access to "uid=chris,dc=au,dc=cordoors,dc=com"
"uidNumber" requested
> => acl_get: [1] check attr uidNumber
> => acl_get: [2] check attr uidNumber
> => dnpat: [3] uid=.*,ou=CIAdmin,dc=..,dc=cordoors,dc=com nsub: 0
> => dnpat: [4] employeeNumber=.*,ou=.*,ou=.*,dc=..,dc=cordoors,dc=com nsub:
0
> => dnpat: [5] ciHost=[a-z][a-z]*,dc=cordoors,dc=com nsub: 0
> => acl_get: [6] check attr uidNumber
> <= acl_get: [6] acl uid=chris,dc=au,dc=cordoors,dc=com attr: uidNumber
> => acl_mask: access to entry "uid=chris,dc=au,dc=cordoors,dc=com", attr
"uidNumber" requested
> => acl_mask: to all values by "UID=CHRIS,DC=AU,DC=CORDOORS,DC=COM", (=n)
> <= check a_dn_pat: uid=.*,ou=CIAdmin,dc=..,dc=cordoors,dc=com
> <= check a_dn_pat: *
> <= acl_mask: [2] applying read (=rscx) (stop)
> <= acl_mask: [2] mask: read (=rscx)
> => access_allowed: read access granted by read (=rscx)
> => access_allowed: read access to "uid=chris,dc=au,dc=cordoors,dc=com"
"uidNumber" requested
> => acl_get: [1] check attr uidNumber
> => acl_get: [2] check attr uidNumber
> => dnpat: [3] uid=.*,ou=CIAdmin,dc=..,dc=cordoors,dc=com nsub: 0
> => dnpat: [4] employeeNumber=.*,ou=.*,ou=.*,dc=..,dc=cordoors,dc=com nsub:
0
> => dnpat: [5] ciHost=[a-z][a-z]*,dc=cordoors,dc=com nsub: 0
> => acl_get: [6] check attr uidNumber
> <= acl_get: [6] acl uid=chris,dc=au,dc=cordoors,dc=com attr: uidNumber
> => acl_mask: access to entry "uid=chris,dc=au,dc=cordoors,dc=com", attr
"uidNumber" requested
> => acl_mask: to value by "UID=CHRIS,DC=AU,DC=CORDOORS,DC=COM", (=n)
> <= check a_dn_pat: uid=.*,ou=CIAdmin,dc=..,dc=cordoors,dc=com
> <= check a_dn_pat: *
> <= acl_mask: [2] applying read (=rscx) (stop)
> <= acl_mask: [2] mask: read (=rscx)
> => access_allowed: read access granted by read (=rscx)
> => access_allowed: read access to "uid=chris,dc=au,dc=cordoors,dc=com"
"gidNumber" requested
> => acl_get: [1] check attr gidNumber
> => acl_get: [2] check attr gidNumber
> => dnpat: [3] uid=.*,ou=CIAdmin,dc=..,dc=cordoors,dc=com nsub: 0
> => dnpat: [4] employeeNumber=.*,ou=.*,ou=.*,dc=..,dc=cordoors,dc=com nsub:
0
> => dnpat: [5] ciHost=[a-z][a-z]*,dc=cordoors,dc=com nsub: 0
> => acl_get: [6] check attr gidNumber
> <= acl_get: [6] acl uid=chris,dc=au,dc=cordoors,dc=com attr: gidNumber
> => acl_mask: access to entry "uid=chris,dc=au,dc=cordoors,dc=com", attr
"gidNumber" requested
> => acl_mask: to all values by "UID=CHRIS,DC=AU,DC=CORDOORS,DC=COM", (=n)
> <= check a_dn_pat: uid=.*,ou=CIAdmin,dc=..,dc=cordoors,dc=com
> <= check a_dn_pat: *
> <= acl_mask: [2] applying read (=rscx) (stop)
> <= acl_mask: [2] mask: read (=rscx)
> => access_allowed: read access granted by read (=rscx)
> => access_allowed: read access to "uid=chris,dc=au,dc=cordoors,dc=com"
"gidNumber" requested
> => acl_get: [1] check attr gidNumber
> => acl_get: [2] check attr gidNumber
> => dnpat: [3] uid=.*,ou=CIAdmin,dc=..,dc=cordoors,dc=com nsub: 0
> => dnpat: [4] employeeNumber=.*,ou=.*,ou=.*,dc=..,dc=cordoors,dc=com nsub:
0
> => dnpat: [5] ciHost=[a-z][a-z]*,dc=cordoors,dc=com nsub: 0
> => acl_get: [6] check attr gidNumber
> <= acl_get: [6] acl uid=chris,dc=au,dc=cordoors,dc=com attr: gidNumber
> => acl_mask: access to entry "uid=chris,dc=au,dc=cordoors,dc=com", attr
"gidNumber" requested
> => acl_mask: to value by "UID=CHRIS,DC=AU,DC=CORDOORS,DC=COM", (=n)
> <= check a_dn_pat: uid=.*,ou=CIAdmin,dc=..,dc=cordoors,dc=com
> <= check a_dn_pat: *
> <= acl_mask: [2] applying read (=rscx) (stop)
> <= acl_mask: [2] mask: read (=rscx)
> => access_allowed: read access granted by read (=rscx)
> => access_allowed: read access to "uid=chris,dc=au,dc=cordoors,dc=com"
"homeDirectory" requested
> => acl_get: [1] check attr homeDirectory
> => acl_get: [2] check attr homeDirectory
> => dnpat: [3] uid=.*,ou=CIAdmin,dc=..,dc=cordoors,dc=com nsub: 0
> => dnpat: [4] employeeNumber=.*,ou=.*,ou=.*,dc=..,dc=cordoors,dc=com nsub:
0
> => dnpat: [5] ciHost=[a-z][a-z]*,dc=cordoors,dc=com nsub: 0
> => acl_get: [6] check attr homeDirectory
> <= acl_get: [6] acl uid=chris,dc=au,dc=cordoors,dc=com attr: homeDirectory
> => acl_mask: access to entry "uid=chris,dc=au,dc=cordoors,dc=com", attr
"homeDirectory" requested
> => acl_mask: to all values by "UID=CHRIS,DC=AU,DC=CORDOORS,DC=COM", (=n)
> <= check a_dn_pat: uid=.*,ou=CIAdmin,dc=..,dc=cordoors,dc=com
> <= check a_dn_pat: *
> <= acl_mask: [2] applying read (=rscx) (stop)
> <= acl_mask: [2] mask: read (=rscx)
> => access_allowed: read access granted by read (=rscx)
> => access_allowed: read access to "uid=chris,dc=au,dc=cordoors,dc=com"
"homeDirectory" requested
> => acl_get: [1] check attr homeDirectory
> => acl_get: [2] check attr homeDirectory
> => dnpat: [3] uid=.*,ou=CIAdmin,dc=..,dc=cordoors,dc=com nsub: 0
> => dnpat: [4] employeeNumber=.*,ou=.*,ou=.*,dc=..,dc=cordoors,dc=com nsub:
0
> => dnpat: [5] ciHost=[a-z][a-z]*,dc=cordoors,dc=com nsub: 0
> => acl_get: [6] check attr homeDirectory
> <= acl_get: [6] acl uid=chris,dc=au,dc=cordoors,dc=com attr: homeDirectory
> => acl_mask: access to entry "uid=chris,dc=au,dc=cordoors,dc=com", attr
"homeDirectory" requested
> => acl_mask: to value by "UID=CHRIS,DC=AU,DC=CORDOORS,DC=COM", (=n)
> <= check a_dn_pat: uid=.*,ou=CIAdmin,dc=..,dc=cordoors,dc=com
> <= check a_dn_pat: *
> <= acl_mask: [2] applying read (=rscx) (stop)
> <= acl_mask: [2] mask: read (=rscx)
> => access_allowed: read access granted by read (=rscx)
> => access_allowed: read access to "uid=chris,dc=au,dc=cordoors,dc=com"
"loginShell" requested
> => acl_get: [1] check attr loginShell
> => acl_get: [2] check attr loginShell
> => dnpat: [3] uid=.*,ou=CIAdmin,dc=..,dc=cordoors,dc=com nsub: 0
> => dnpat: [4] employeeNumber=.*,ou=.*,ou=.*,dc=..,dc=cordoors,dc=com nsub:
0
> => dnpat: [5] ciHost=[a-z][a-z]*,dc=cordoors,dc=com nsub: 0
> => acl_get: [6] check attr loginShell
> <= acl_get: [6] acl uid=chris,dc=au,dc=cordoors,dc=com attr: loginShell
> => acl_mask: access to entry "uid=chris,dc=au,dc=cordoors,dc=com", attr
"loginShell" requested
> => acl_mask: to all values by "UID=CHRIS,DC=AU,DC=CORDOORS,DC=COM", (=n)
> <= check a_dn_pat: uid=.*,ou=CIAdmin,dc=..,dc=cordoors,dc=com
> <= check a_dn_pat: *
> <= acl_mask: [2] applying read (=rscx) (stop)
> <= acl_mask: [2] mask: read (=rscx)
> => access_allowed: read access granted by read (=rscx)
> => access_allowed: read access to "uid=chris,dc=au,dc=cordoors,dc=com"
"loginShell" requested
> => acl_get: [1] check attr loginShell
> => acl_get: [2] check attr loginShell
> => dnpat: [3] uid=.*,ou=CIAdmin,dc=..,dc=cordoors,dc=com nsub: 0
> => dnpat: [4] employeeNumber=.*,ou=.*,ou=.*,dc=..,dc=cordoors,dc=com nsub:
0
> => dnpat: [5] ciHost=[a-z][a-z]*,dc=cordoors,dc=com nsub: 0
> => acl_get: [6] check attr loginShell
> <= acl_get: [6] acl uid=chris,dc=au,dc=cordoors,dc=com attr: loginShell
> => acl_mask: access to entry "uid=chris,dc=au,dc=cordoors,dc=com", attr
"loginShell" requested
> => acl_mask: to value by "UID=CHRIS,DC=AU,DC=CORDOORS,DC=COM", (=n)
> <= check a_dn_pat: uid=.*,ou=CIAdmin,dc=..,dc=cordoors,dc=com
> <= check a_dn_pat: *
> <= acl_mask: [2] applying read (=rscx) (stop)
> <= acl_mask: [2] mask: read (=rscx)
> => access_allowed: read access granted by read (=rscx)
> => access_allowed: read access to "uid=chris,dc=au,dc=cordoors,dc=com"
"gecos" requested
> => acl_get: [1] check attr gecos
> => acl_get: [2] check attr gecos
> => dnpat: [3] uid=.*,ou=CIAdmin,dc=..,dc=cordoors,dc=com nsub: 0
> => dnpat: [4] employeeNumber=.*,ou=.*,ou=.*,dc=..,dc=cordoors,dc=com nsub:
0
> => dnpat: [5] ciHost=[a-z][a-z]*,dc=cordoors,dc=com nsub: 0
> => acl_get: [6] check attr gecos
> <= acl_get: [6] acl uid=chris,dc=au,dc=cordoors,dc=com attr: gecos
> => acl_mask: access to entry "uid=chris,dc=au,dc=cordoors,dc=com", attr
"gecos" requested
> => acl_mask: to all values by "UID=CHRIS,DC=AU,DC=CORDOORS,DC=COM", (=n)
> <= check a_dn_pat: uid=.*,ou=CIAdmin,dc=..,dc=cordoors,dc=com
> <= check a_dn_pat: *
> <= acl_mask: [2] applying read (=rscx) (stop)
> <= acl_mask: [2] mask: read (=rscx)
> => access_allowed: read access granted by read (=rscx)
> => access_allowed: read access to "uid=chris,dc=au,dc=cordoors,dc=com"
"gecos" requested
> => acl_get: [1] check attr gecos
> => acl_get: [2] check attr gecos
> => dnpat: [3] uid=.*,ou=CIAdmin,dc=..,dc=cordoors,dc=com nsub: 0
> => dnpat: [4] employeeNumber=.*,ou=.*,ou=.*,dc=..,dc=cordoors,dc=com nsub:
0
> => dnpat: [5] ciHost=[a-z][a-z]*,dc=cordoors,dc=com nsub: 0
> => acl_get: [6] check attr gecos
> <= acl_get: [6] acl uid=chris,dc=au,dc=cordoors,dc=com attr: gecos
> => acl_mask: access to entry "uid=chris,dc=au,dc=cordoors,dc=com", attr
"gecos" requested
> => acl_mask: to value by "UID=CHRIS,DC=AU,DC=CORDOORS,DC=COM", (=n)
> <= check a_dn_pat: uid=.*,ou=CIAdmin,dc=..,dc=cordoors,dc=com
> <= check a_dn_pat: *
> <= acl_mask: [2] applying read (=rscx) (stop)
> <= acl_mask: [2] mask: read (=rscx)
> => access_allowed: read access granted by read (=rscx)
> => access_allowed: read access to "uid=chris,dc=au,dc=cordoors,dc=com"
"cn" requested
> => acl_get: [1] check attr cn
> => acl_get: [2] check attr cn
> => dnpat: [3] uid=.*,ou=CIAdmin,dc=..,dc=cordoors,dc=com nsub: 0
> => dnpat: [4] employeeNumber=.*,ou=.*,ou=.*,dc=..,dc=cordoors,dc=com nsub:
0
> => dnpat: [5] ciHost=[a-z][a-z]*,dc=cordoors,dc=com nsub: 0
> => acl_get: [6] check attr cn
> <= acl_get: [6] acl uid=chris,dc=au,dc=cordoors,dc=com attr: cn
> => acl_mask: access to entry "uid=chris,dc=au,dc=cordoors,dc=com", attr
"cn" requested
> => acl_mask: to all values by "UID=CHRIS,DC=AU,DC=CORDOORS,DC=COM", (=n)
> <= check a_dn_pat: uid=.*,ou=CIAdmin,dc=..,dc=cordoors,dc=com
> <= check a_dn_pat: *
> <= acl_mask: [2] applying read (=rscx) (stop)
> <= acl_mask: [2] mask: read (=rscx)
> => access_allowed: read access granted by read (=rscx)
> => access_allowed: read access to "uid=chris,dc=au,dc=cordoors,dc=com"
"cn" requested
> => acl_get: [1] check attr cn
> => acl_get: [2] check attr cn
> => dnpat: [3] uid=.*,ou=CIAdmin,dc=..,dc=cordoors,dc=com nsub: 0
> => dnpat: [4] employeeNumber=.*,ou=.*,ou=.*,dc=..,dc=cordoors,dc=com nsub:
0
> => dnpat: [5] ciHost=[a-z][a-z]*,dc=cordoors,dc=com nsub: 0
> => acl_get: [6] check attr cn
> <= acl_get: [6] acl uid=chris,dc=au,dc=cordoors,dc=com attr: cn
> => acl_mask: access to entry "uid=chris,dc=au,dc=cordoors,dc=com", attr
"cn" requested
> => acl_mask: to value by "UID=CHRIS,DC=AU,DC=CORDOORS,DC=COM", (=n)
> <= check a_dn_pat: uid=.*,ou=CIAdmin,dc=..,dc=cordoors,dc=com
> <= check a_dn_pat: *
> <= acl_mask: [2] applying read (=rscx) (stop)
> <= acl_mask: [2] mask: read (=rscx)
> => access_allowed: read access granted by read (=rscx)
> => access_allowed: read access to "uid=chris,dc=au,dc=cordoors,dc=com"
"uid" requested
> => acl_get: [1] check attr uid
> => acl_get: [2] check attr uid
> => dnpat: [3] uid=.*,ou=CIAdmin,dc=..,dc=cordoors,dc=com nsub: 0
> => dnpat: [4] employeeNumber=.*,ou=.*,ou=.*,dc=..,dc=cordoors,dc=com nsub:
0
> => dnpat: [5] ciHost=[a-z][a-z]*,dc=cordoors,dc=com nsub: 0
> => acl_get: [6] check attr uid
> <= acl_get: [6] acl uid=chris,dc=au,dc=cordoors,dc=com attr: uid
> => acl_mask: access to entry "uid=chris,dc=au,dc=cordoors,dc=com", attr
"uid" requested
> => acl_mask: to all values by "UID=CHRIS,DC=AU,DC=CORDOORS,DC=COM", (=n)
> <= check a_dn_pat: uid=.*,ou=CIAdmin,dc=..,dc=cordoors,dc=com
> <= check a_dn_pat: *
> <= acl_mask: [2] applying read (=rscx) (stop)
> <= acl_mask: [2] mask: read (=rscx)
> => access_allowed: read access granted by read (=rscx)
> => access_allowed: read access to "uid=chris,dc=au,dc=cordoors,dc=com"
"uid" requested
> => acl_get: [1] check attr uid
> => acl_get: [2] check attr uid
> => dnpat: [3] uid=.*,ou=CIAdmin,dc=..,dc=cordoors,dc=com nsub: 0
> => dnpat: [4] employeeNumber=.*,ou=.*,ou=.*,dc=..,dc=cordoors,dc=com nsub:
0
> => dnpat: [5] ciHost=[a-z][a-z]*,dc=cordoors,dc=com nsub: 0
> => acl_get: [6] check attr uid
> <= acl_get: [6] acl uid=chris,dc=au,dc=cordoors,dc=com attr: uid
> => acl_mask: access to entry "uid=chris,dc=au,dc=cordoors,dc=com", attr
"uid" requested
> => acl_mask: to value by "UID=CHRIS,DC=AU,DC=CORDOORS,DC=COM", (=n)
> <= check a_dn_pat: uid=.*,ou=CIAdmin,dc=..,dc=cordoors,dc=com
> <= check a_dn_pat: *
> <= acl_mask: [2] applying read (=rscx) (stop)
> <= acl_mask: [2] mask: read (=rscx)
> => access_allowed: read access granted by read (=rscx)
> => access_allowed: read access to "uid=chris,dc=au,dc=cordoors,dc=com"
"userPassword" requested
> => acl_get: [1] check attr userPassword
> <= acl_get: [1] acl uid=chris,dc=au,dc=cordoors,dc=com attr: userPassword
> => acl_mask: access to entry "uid=chris,dc=au,dc=cordoors,dc=com", attr
"userPassword" requested
> => acl_mask: to all values by "UID=CHRIS,DC=AU,DC=CORDOORS,DC=COM", (=n)
> <= check a_dn_pat: self
> <= acl_mask: [1] applying write (=wrscx) (stop)
> <= acl_mask: [1] mask: write (=wrscx)
> => access_allowed: read access granted by write (=wrscx)
> => access_allowed: read access to "uid=chris,dc=au,dc=cordoors,dc=com"
"userPassword" requested
> => acl_get: [1] check attr userPassword
> <= acl_get: [1] acl uid=chris,dc=au,dc=cordoors,dc=com attr: userPassword
> => acl_mask: access to entry "uid=chris,dc=au,dc=cordoors,dc=com", attr
"userPassword" requested
> => acl_mask: to value by "UID=CHRIS,DC=AU,DC=CORDOORS,DC=COM", (=n)
> <= check a_dn_pat: self
> <= acl_mask: [1] applying write (=wrscx) (stop)
> <= acl_mask: [1] mask: write (=wrscx)
> => access_allowed: read access granted by write (=wrscx)
> ber_flush: 282 bytes to sd 13
> ber_flush: 14 bytes to sd 13
> slapd shutdown: waiting for 0 threads to terminate
> slapd stopped.
> -------------------------------------------------------------------
> which shows a perfectly good bind and retrieve as expected.  The trace
below,
> however, starts out with a good bind, but loses the bind id once the
> references have all been checked and the possible directories found.  By
> the time we are searching the dc=xx,dc=cordoors,dc=com directories, we
> are effectively bound anonymously (at least, this is what I *think* the
> trace shows).
>
> Is this so?  If so, is this what's meant to happen?  Why does it do
> this?  Any way to get around it?  It's not a drastic thing, but it
> sure is counter-intuitive.
>
> --Chris Robertson
> Corinthian Engineering
>
> -------------------------------------------------------------------
>
> Global ACL: access to attrs=userPassword
> by self write (=wrscx)
> by dn.regex=uid=.*,ou=CIAdmin,dc=..,dc=cordoors,dc=com write (=wrscx)
> by anonymous auth (=x)
> by * none (=n)
>
> Global ACL: access to attrs=entry
> by self write (=wrscx)
> by dn.regex=uid=.*,ou=CIAdmin,dc=..,dc=cordoors,dc=com write (=wrscx)
> by * read (=rscx)
>
> Global ACL: access to dn.regex=uid=.*,ou=CIAdmin,dc=..,dc=cordoors,dc=com
> by self write (=wrscx)
> by * read (=rscx)
>
> Global ACL: access to dn.regex=uid=.*,dc=..,dc=cordoors,dc=com
> by self write (=wrscx)
> by dn.regex=uid=.*,ou=CIAdmin,dc=..,dc=cordoors,dc=com write (=wrscx)
> by * read (=rscx)
>
> Global ACL: access to *
> by dn.regex=uid=.*,ou=CIAdmin,dc=..,dc=cordoors,dc=com write (=wrscx)
> by * read (=rscx)
>
> slapd starting
> => access_allowed: auth access to "uid=chris,dc=au,dc=cordoors,dc=com"
"userPassword" requested
> => acl_get: [1] check attr userPassword
> <= acl_get: [1] acl uid=chris,dc=au,dc=cordoors,dc=com attr: userPassword
> => acl_mask: access to entry "uid=chris,dc=au,dc=cordoors,dc=com", attr
"userPassword" requested
> => acl_mask: to all values by "", (=n)
> <= check a_dn_pat: self
> <= check a_dn_pat: uid=.*,ou=CIAdmin,dc=..,dc=cordoors,dc=com
> <= check a_dn_pat: anonymous
> <= acl_mask: [3] applying auth (=x) (stop)
> <= acl_mask: [3] mask: auth (=x)
> => access_allowed: auth access granted by auth (=x)
> ber_flush: 14 bytes to sd 13
> => access_allowed: read access to "dc=au,dc=cordoors,dc=com" "entry"
requested
> => acl_get: [1] check attr entry
> => acl_get: [2] check attr entry
> <= acl_get: [2] acl dc=au,dc=cordoors,dc=com attr: entry
> => acl_mask: access to entry "dc=au,dc=cordoors,dc=com", attr "entry"
requested
> => acl_mask: to all values by "UID=CHRIS,DC=AU,DC=CORDOORS,DC=COM", (=n)
> <= check a_dn_pat: self
> <= check a_dn_pat: uid=.*,ou=CIAdmin,dc=..,dc=cordoors,dc=com
> <= check a_dn_pat: *
> <= acl_mask: [3] applying read (=rscx) (stop)
> <= acl_mask: [3] mask: read (=rscx)
> => access_allowed: read access granted by read (=rscx)
> => access_allowed: read access to "dc=au,dc=cordoors,dc=com" "ref"
requested
> => acl_get: [1] check attr ref
> => acl_get: [2] check attr ref
> => dnpat: [3] uid=.*,ou=CIAdmin,dc=..,dc=cordoors,dc=com nsub: 0
> => dnpat: [4] uid=.*,dc=..,dc=cordoors,dc=com nsub: 0
> => dnpat: [5] ciHost=[a-z][a-z]*,dc=cordoors,dc=com nsub: 0
> => acl_get: [6] check attr ref
> <= acl_get: [6] acl dc=au,dc=cordoors,dc=com attr: ref
> => acl_mask: access to entry "dc=au,dc=cordoors,dc=com", attr "ref"
requested
> => acl_mask: to all values by "UID=CHRIS,DC=AU,DC=CORDOORS,DC=COM", (=n)
> <= check a_dn_pat: uid=.*,ou=CIAdmin,dc=..,dc=cordoors,dc=com
> <= check a_dn_pat: *
> <= acl_mask: [2] applying read (=rscx) (stop)
> <= acl_mask: [2] mask: read (=rscx)
> => access_allowed: read access granted by read (=rscx)
> ber_flush: 61 bytes to sd 13
> => access_allowed: read access to "dc=my,dc=cordoors,dc=com" "entry"
requested
> => acl_get: [1] check attr entry
> => acl_get: [2] check attr entry
> <= acl_get: [2] acl dc=my,dc=cordoors,dc=com attr: entry
> => acl_mask: access to entry "dc=my,dc=cordoors,dc=com", attr "entry"
requested
> => acl_mask: to all values by "UID=CHRIS,DC=AU,DC=CORDOORS,DC=COM", (=n)
> <= check a_dn_pat: self
> <= check a_dn_pat: uid=.*,ou=CIAdmin,dc=..,dc=cordoors,dc=com
> <= check a_dn_pat: *
> <= acl_mask: [3] applying read (=rscx) (stop)
> <= acl_mask: [3] mask: read (=rscx)
> => access_allowed: read access granted by read (=rscx)
> => access_allowed: read access to "dc=my,dc=cordoors,dc=com" "ref"
requested
> => acl_get: [1] check attr ref
> => acl_get: [2] check attr ref
> => dnpat: [3] uid=.*,ou=CIAdmin,dc=..,dc=cordoors,dc=com nsub: 0
> => dnpat: [4] uid=.*,dc=..,dc=cordoors,dc=com nsub: 0
> => dnpat: [5] ciHost=[a-z][a-z]*,dc=cordoors,dc=com nsub: 0
> => acl_get: [6] check attr ref
> <= acl_get: [6] acl dc=my,dc=cordoors,dc=com attr: ref
> => acl_mask: access to entry "dc=my,dc=cordoors,dc=com", attr "ref"
requested
> => acl_mask: to all values by "UID=CHRIS,DC=AU,DC=CORDOORS,DC=COM", (=n)
> <= check a_dn_pat: uid=.*,ou=CIAdmin,dc=..,dc=cordoors,dc=com
> <= check a_dn_pat: *
> <= acl_mask: [2] applying read (=rscx) (stop)
> <= acl_mask: [2] mask: read (=rscx)
> => access_allowed: read access granted by read (=rscx)
> ber_flush: 61 bytes to sd 13
> => access_allowed: read access to "dc=id,dc=cordoors,dc=com" "entry"
requested
> => acl_get: [1] check attr entry
> => acl_get: [2] check attr entry
> <= acl_get: [2] acl dc=id,dc=cordoors,dc=com attr: entry
> => acl_mask: access to entry "dc=id,dc=cordoors,dc=com", attr "entry"
requested
> => acl_mask: to all values by "UID=CHRIS,DC=AU,DC=CORDOORS,DC=COM", (=n)
> <= check a_dn_pat: self
> <= check a_dn_pat: uid=.*,ou=CIAdmin,dc=..,dc=cordoors,dc=com
> <= check a_dn_pat: *
> <= acl_mask: [3] applying read (=rscx) (stop)
> <= acl_mask: [3] mask: read (=rscx)
> => access_allowed: read access granted by read (=rscx)
> => access_allowed: read access to "dc=id,dc=cordoors,dc=com" "ref"
requested
> => acl_get: [1] check attr ref
> => acl_get: [2] check attr ref
> => dnpat: [3] uid=.*,ou=CIAdmin,dc=..,dc=cordoors,dc=com nsub: 0
> => dnpat: [4] uid=.*,dc=..,dc=cordoors,dc=com nsub: 0
> => dnpat: [5] ciHost=[a-z][a-z]*,dc=cordoors,dc=com nsub: 0
> => acl_get: [6] check attr ref
> <= acl_get: [6] acl dc=id,dc=cordoors,dc=com attr: ref
> => acl_mask: access to entry "dc=id,dc=cordoors,dc=com", attr "ref"
requested
> => acl_mask: to all values by "UID=CHRIS,DC=AU,DC=CORDOORS,DC=COM", (=n)
> <= check a_dn_pat: uid=.*,ou=CIAdmin,dc=..,dc=cordoors,dc=com
> <= check a_dn_pat: *
> <= acl_mask: [2] applying read (=rscx) (stop)
> <= acl_mask: [2] mask: read (=rscx)
> => access_allowed: read access granted by read (=rscx)
> ber_flush: 61 bytes to sd 13
> => access_allowed: read access to "dc=th,dc=cordoors,dc=com" "entry"
requested
> => acl_get: [1] check attr entry
> => acl_get: [2] check attr entry
> <= acl_get: [2] acl dc=th,dc=cordoors,dc=com attr: entry
> => acl_mask: access to entry "dc=th,dc=cordoors,dc=com", attr "entry"
requested
> => acl_mask: to all values by "UID=CHRIS,DC=AU,DC=CORDOORS,DC=COM", (=n)
> <= check a_dn_pat: self
> <= check a_dn_pat: uid=.*,ou=CIAdmin,dc=..,dc=cordoors,dc=com
> <= check a_dn_pat: *
> <= acl_mask: [3] applying read (=rscx) (stop)
> <= acl_mask: [3] mask: read (=rscx)
> => access_allowed: read access granted by read (=rscx)
> => access_allowed: read access to "dc=th,dc=cordoors,dc=com" "ref"
requested
> => acl_get: [1] check attr ref
> => acl_get: [2] check attr ref
> => dnpat: [3] uid=.*,ou=CIAdmin,dc=..,dc=cordoors,dc=com nsub: 0
> => dnpat: [4] uid=.*,dc=..,dc=cordoors,dc=com nsub: 0
> => dnpat: [5] ciHost=[a-z][a-z]*,dc=cordoors,dc=com nsub: 0
> => acl_get: [6] check attr ref
> <= acl_get: [6] acl dc=th,dc=cordoors,dc=com attr: ref
> => acl_mask: access to entry "dc=th,dc=cordoors,dc=com", attr "ref"
requested
> => acl_mask: to all values by "UID=CHRIS,DC=AU,DC=CORDOORS,DC=COM", (=n)
> <= check a_dn_pat: uid=.*,ou=CIAdmin,dc=..,dc=cordoors,dc=com
> <= check a_dn_pat: *
> <= acl_mask: [2] applying read (=rscx) (stop)
> <= acl_mask: [2] mask: read (=rscx)
> => access_allowed: read access granted by read (=rscx)
> ber_flush: 61 bytes to sd 13
> => access_allowed: read access to "dc=sg,dc=cordoors,dc=com" "entry"
requested
> => acl_get: [1] check attr entry
> => acl_get: [2] check attr entry
> <= acl_get: [2] acl dc=sg,dc=cordoors,dc=com attr: entry
> => acl_mask: access to entry "dc=sg,dc=cordoors,dc=com", attr "entry"
requested
> => acl_mask: to all values by "UID=CHRIS,DC=AU,DC=CORDOORS,DC=COM", (=n)
> <= check a_dn_pat: self
> <= check a_dn_pat: uid=.*,ou=CIAdmin,dc=..,dc=cordoors,dc=com
> <= check a_dn_pat: *
> <= acl_mask: [3] applying read (=rscx) (stop)
> <= acl_mask: [3] mask: read (=rscx)
> => access_allowed: read access granted by read (=rscx)
> => access_allowed: read access to "dc=sg,dc=cordoors,dc=com" "ref"
requested
> => acl_get: [1] check attr ref
> => acl_get: [2] check attr ref
> => dnpat: [3] uid=.*,ou=CIAdmin,dc=..,dc=cordoors,dc=com nsub: 0
> => dnpat: [4] uid=.*,dc=..,dc=cordoors,dc=com nsub: 0
> => dnpat: [5] ciHost=[a-z][a-z]*,dc=cordoors,dc=com nsub: 0
> => acl_get: [6] check attr ref
> <= acl_get: [6] acl dc=sg,dc=cordoors,dc=com attr: ref
> => acl_mask: access to entry "dc=sg,dc=cordoors,dc=com", attr "ref"
requested
> => acl_mask: to all values by "UID=CHRIS,DC=AU,DC=CORDOORS,DC=COM", (=n)
> <= check a_dn_pat: uid=.*,ou=CIAdmin,dc=..,dc=cordoors,dc=com
> <= check a_dn_pat: *
> <= acl_mask: [2] applying read (=rscx) (stop)
> <= acl_mask: [2] mask: read (=rscx)
> => access_allowed: read access granted by read (=rscx)
> ber_flush: 61 bytes to sd 13
> => access_allowed: read access to "dc=us,dc=cordoors,dc=com" "entry"
requested
> => acl_get: [1] check attr entry
> => acl_get: [2] check attr entry
> <= acl_get: [2] acl dc=us,dc=cordoors,dc=com attr: entry
> => acl_mask: access to entry "dc=us,dc=cordoors,dc=com", attr "entry"
requested
> => acl_mask: to all values by "UID=CHRIS,DC=AU,DC=CORDOORS,DC=COM", (=n)
> <= check a_dn_pat: self
> <= check a_dn_pat: uid=.*,ou=CIAdmin,dc=..,dc=cordoors,dc=com
> <= check a_dn_pat: *
> <= acl_mask: [3] applying read (=rscx) (stop)
> <= acl_mask: [3] mask: read (=rscx)
> => access_allowed: read access granted by read (=rscx)
> => access_allowed: read access to "dc=us,dc=cordoors,dc=com" "ref"
requested
> => acl_get: [1] check attr ref
> => acl_get: [2] check attr ref
> => dnpat: [3] uid=.*,ou=CIAdmin,dc=..,dc=cordoors,dc=com nsub: 0
> => dnpat: [4] uid=.*,dc=..,dc=cordoors,dc=com nsub: 0
> => dnpat: [5] ciHost=[a-z][a-z]*,dc=cordoors,dc=com nsub: 0
> => acl_get: [6] check attr ref
> <= acl_get: [6] acl dc=us,dc=cordoors,dc=com attr: ref
> => acl_mask: access to entry "dc=us,dc=cordoors,dc=com", attr "ref"
requested
> => acl_mask: to all values by "UID=CHRIS,DC=AU,DC=CORDOORS,DC=COM", (=n)
> <= check a_dn_pat: uid=.*,ou=CIAdmin,dc=..,dc=cordoors,dc=com
> <= check a_dn_pat: *
> <= acl_mask: [2] applying read (=rscx) (stop)
> <= acl_mask: [2] mask: read (=rscx)
> => access_allowed: read access granted by read (=rscx)
> ber_flush: 61 bytes to sd 13
> ber_flush: 14 bytes to sd 13
> ber_flush: 14 bytes to sd 20
> => access_allowed: search access to "uid=chris,dc=au,dc=cordoors,dc=com"
"objectClass" requested
> => acl_get: [1] check attr objectClass
> => acl_get: [2] check attr objectClass
> => dnpat: [3] uid=.*,ou=CIAdmin,dc=..,dc=cordoors,dc=com nsub: 0
> => dnpat: [4] uid=.*,dc=..,dc=cordoors,dc=com nsub: 0
> => acl_get: [4] matched
> => acl_get: [4] check attr objectClass
> <= acl_get: [4] acl uid=chris,dc=au,dc=cordoors,dc=com attr: objectClass
> => acl_mask: access to entry "uid=chris,dc=au,dc=cordoors,dc=com", attr
"objectClass" requested
> => acl_mask: to value by "", (=n)
> <= check a_dn_pat: self
> <= check a_dn_pat: uid=.*,ou=CIAdmin,dc=..,dc=cordoors,dc=com
> <= check a_dn_pat: *
> <= acl_mask: [3] applying read (=rscx) (stop)
> <= acl_mask: [3] mask: read (=rscx)
> => access_allowed: search access granted by read (=rscx)
> => access_allowed: search access to "uid=chris,dc=au,dc=cordoors,dc=com"
"uid" requested
> => acl_get: [1] check attr uid
> => acl_get: [2] check attr uid
> => dnpat: [3] uid=.*,ou=CIAdmin,dc=..,dc=cordoors,dc=com nsub: 0
> => dnpat: [4] uid=.*,dc=..,dc=cordoors,dc=com nsub: 0
> => acl_get: [4] matched
> => acl_get: [4] check attr uid
> <= acl_get: [4] acl uid=chris,dc=au,dc=cordoors,dc=com attr: uid
> => acl_mask: access to entry "uid=chris,dc=au,dc=cordoors,dc=com", attr
"uid" requested
> => acl_mask: to value by "", (=n)
> <= check a_dn_pat: self
> <= check a_dn_pat: uid=.*,ou=CIAdmin,dc=..,dc=cordoors,dc=com
> <= check a_dn_pat: *
> <= acl_mask: [3] applying read (=rscx) (stop)
> <= acl_mask: [3] mask: read (=rscx)
> => access_allowed: search access granted by read (=rscx)
> => access_allowed: read access to "uid=chris,dc=au,dc=cordoors,dc=com"
"entry" requested
> => acl_get: [1] check attr entry
> => acl_get: [2] check attr entry
> <= acl_get: [2] acl uid=chris,dc=au,dc=cordoors,dc=com attr: entry
> => acl_mask: access to entry "uid=chris,dc=au,dc=cordoors,dc=com", attr
"entry" requested
> => acl_mask: to all values by "", (=n)
> <= check a_dn_pat: self
> <= check a_dn_pat: uid=.*,ou=CIAdmin,dc=..,dc=cordoors,dc=com
> <= check a_dn_pat: *
> <= acl_mask: [3] applying read (=rscx) (stop)
> <= acl_mask: [3] mask: read (=rscx)
> => access_allowed: read access granted by read (=rscx)
> => access_allowed: read access to "uid=chris,dc=au,dc=cordoors,dc=com"
"objectClass" requested
> => acl_get: [1] check attr objectClass
> => acl_get: [2] check attr objectClass
> => dnpat: [3] uid=.*,ou=CIAdmin,dc=..,dc=cordoors,dc=com nsub: 0
> => dnpat: [4] uid=.*,dc=..,dc=cordoors,dc=com nsub: 0
> => acl_get: [4] matched
> => acl_get: [4] check attr objectClass
> <= acl_get: [4] acl uid=chris,dc=au,dc=cordoors,dc=com attr: objectClass
> => acl_mask: access to entry "uid=chris,dc=au,dc=cordoors,dc=com", attr
"objectClass" requested
> => acl_mask: to all values by "", (=n)
> <= check a_dn_pat: self
> <= check a_dn_pat: uid=.*,ou=CIAdmin,dc=..,dc=cordoors,dc=com
> <= check a_dn_pat: *
> <= acl_mask: [3] applying read (=rscx) (stop)
> <= acl_mask: [3] mask: read (=rscx)
> => access_allowed: read access granted by read (=rscx)
> => access_allowed: read access to "uid=chris,dc=au,dc=cordoors,dc=com"
"objectClass" requested
> => acl_get: [1] check attr objectClass
> => acl_get: [2] check attr objectClass
> => dnpat: [3] uid=.*,ou=CIAdmin,dc=..,dc=cordoors,dc=com nsub: 0
> => dnpat: [4] uid=.*,dc=..,dc=cordoors,dc=com nsub: 0
> => acl_get: [4] matched
> => acl_get: [4] check attr objectClass
> <= acl_get: [4] acl uid=chris,dc=au,dc=cordoors,dc=com attr: objectClass
> => acl_mask: access to entry "uid=chris,dc=au,dc=cordoors,dc=com", attr
"objectClass" requested
> => acl_mask: to value by "", (=n)
> <= check a_dn_pat: self
> <= check a_dn_pat: uid=.*,ou=CIAdmin,dc=..,dc=cordoors,dc=com
> <= check a_dn_pat: *
> <= acl_mask: [3] applying read (=rscx) (stop)
> <= acl_mask: [3] mask: read (=rscx)
> => access_allowed: read access granted by read (=rscx)
> => access_allowed: read access to "uid=chris,dc=au,dc=cordoors,dc=com"
"uidNumber" requested
> => acl_get: [1] check attr uidNumber
> => acl_get: [2] check attr uidNumber
> => dnpat: [3] uid=.*,ou=CIAdmin,dc=..,dc=cordoors,dc=com nsub: 0
> => dnpat: [4] uid=.*,dc=..,dc=cordoors,dc=com nsub: 0
> => acl_get: [4] matched
> => acl_get: [4] check attr uidNumber
> <= acl_get: [4] acl uid=chris,dc=au,dc=cordoors,dc=com attr: uidNumber
> => acl_mask: access to entry "uid=chris,dc=au,dc=cordoors,dc=com", attr
"uidNumber" requested
> => acl_mask: to all values by "", (=n)
> <= check a_dn_pat: self
> <= check a_dn_pat: uid=.*,ou=CIAdmin,dc=..,dc=cordoors,dc=com
> <= check a_dn_pat: *
> <= acl_mask: [3] applying read (=rscx) (stop)
> <= acl_mask: [3] mask: read (=rscx)
> => access_allowed: read access granted by read (=rscx)
> => access_allowed: read access to "uid=chris,dc=au,dc=cordoors,dc=com"
"uidNumber" requested
> => acl_get: [1] check attr uidNumber
> => acl_get: [2] check attr uidNumber
> => dnpat: [3] uid=.*,ou=CIAdmin,dc=..,dc=cordoors,dc=com nsub: 0
> => dnpat: [4] uid=.*,dc=..,dc=cordoors,dc=com nsub: 0
> => acl_get: [4] matched
> => acl_get: [4] check attr uidNumber
> <= acl_get: [4] acl uid=chris,dc=au,dc=cordoors,dc=com attr: uidNumber
> => acl_mask: access to entry "uid=chris,dc=au,dc=cordoors,dc=com", attr
"uidNumber" requested
> => acl_mask: to value by "", (=n)
> <= check a_dn_pat: self
> <= check a_dn_pat: uid=.*,ou=CIAdmin,dc=..,dc=cordoors,dc=com
> <= check a_dn_pat: *
> <= acl_mask: [3] applying read (=rscx) (stop)
> <= acl_mask: [3] mask: read (=rscx)
> => access_allowed: read access granted by read (=rscx)
> => access_allowed: read access to "uid=chris,dc=au,dc=cordoors,dc=com"
"gidNumber" requested
> => acl_get: [1] check attr gidNumber
> => acl_get: [2] check attr gidNumber
> => dnpat: [3] uid=.*,ou=CIAdmin,dc=..,dc=cordoors,dc=com nsub: 0
> => dnpat: [4] uid=.*,dc=..,dc=cordoors,dc=com nsub: 0
> => acl_get: [4] matched
> => acl_get: [4] check attr gidNumber
> <= acl_get: [4] acl uid=chris,dc=au,dc=cordoors,dc=com attr: gidNumber
> => acl_mask: access to entry "uid=chris,dc=au,dc=cordoors,dc=com", attr
"gidNumber" requested
> => acl_mask: to all values by "", (=n)
> <= check a_dn_pat: self
> <= check a_dn_pat: uid=.*,ou=CIAdmin,dc=..,dc=cordoors,dc=com
> <= check a_dn_pat: *
> <= acl_mask: [3] applying read (=rscx) (stop)
> <= acl_mask: [3] mask: read (=rscx)
> => access_allowed: read access granted by read (=rscx)
> => access_allowed: read access to "uid=chris,dc=au,dc=cordoors,dc=com"
"gidNumber" requested
> => acl_get: [1] check attr gidNumber
> => acl_get: [2] check attr gidNumber
> => dnpat: [3] uid=.*,ou=CIAdmin,dc=..,dc=cordoors,dc=com nsub: 0
> => dnpat: [4] uid=.*,dc=..,dc=cordoors,dc=com nsub: 0
> => acl_get: [4] matched
> => acl_get: [4] check attr gidNumber
> <= acl_get: [4] acl uid=chris,dc=au,dc=cordoors,dc=com attr: gidNumber
> => acl_mask: access to entry "uid=chris,dc=au,dc=cordoors,dc=com", attr
"gidNumber" requested
> => acl_mask: to value by "", (=n)
> <= check a_dn_pat: self
> <= check a_dn_pat: uid=.*,ou=CIAdmin,dc=..,dc=cordoors,dc=com
> <= check a_dn_pat: *
> <= acl_mask: [3] applying read (=rscx) (stop)
> <= acl_mask: [3] mask: read (=rscx)
> => access_allowed: read access granted by read (=rscx)
> => access_allowed: read access to "uid=chris,dc=au,dc=cordoors,dc=com"
"homeDirectory" requested
> => acl_get: [1] check attr homeDirectory
> => acl_get: [2] check attr homeDirectory
> => dnpat: [3] uid=.*,ou=CIAdmin,dc=..,dc=cordoors,dc=com nsub: 0
> => dnpat: [4] uid=.*,dc=..,dc=cordoors,dc=com nsub: 0
> => acl_get: [4] matched
> => acl_get: [4] check attr homeDirectory
> <= acl_get: [4] acl uid=chris,dc=au,dc=cordoors,dc=com attr: homeDirectory
> => acl_mask: access to entry "uid=chris,dc=au,dc=cordoors,dc=com", attr
"homeDirectory" requested
> => acl_mask: to all values by "", (=n)
> <= check a_dn_pat: self
> <= check a_dn_pat: uid=.*,ou=CIAdmin,dc=..,dc=cordoors,dc=com
> <= check a_dn_pat: *
> <= acl_mask: [3] applying read (=rscx) (stop)
> <= acl_mask: [3] mask: read (=rscx)
> => access_allowed: read access granted by read (=rscx)
> => access_allowed: read access to "uid=chris,dc=au,dc=cordoors,dc=com"
"homeDirectory" requested
> => acl_get: [1] check attr homeDirectory
> => acl_get: [2] check attr homeDirectory
> => dnpat: [3] uid=.*,ou=CIAdmin,dc=..,dc=cordoors,dc=com nsub: 0
> => dnpat: [4] uid=.*,dc=..,dc=cordoors,dc=com nsub: 0
> => acl_get: [4] matched
> => acl_get: [4] check attr homeDirectory
> <= acl_get: [4] acl uid=chris,dc=au,dc=cordoors,dc=com attr: homeDirectory
> => acl_mask: access to entry "uid=chris,dc=au,dc=cordoors,dc=com", attr
"homeDirectory" requested
> => acl_mask: to value by "", (=n)
> <= check a_dn_pat: self
> <= check a_dn_pat: uid=.*,ou=CIAdmin,dc=..,dc=cordoors,dc=com
> <= check a_dn_pat: *
> <= acl_mask: [3] applying read (=rscx) (stop)
> <= acl_mask: [3] mask: read (=rscx)
> => access_allowed: read access granted by read (=rscx)
> => access_allowed: read access to "uid=chris,dc=au,dc=cordoors,dc=com"
"loginShell" requested
> => acl_get: [1] check attr loginShell
> => acl_get: [2] check attr loginShell
> => dnpat: [3] uid=.*,ou=CIAdmin,dc=..,dc=cordoors,dc=com nsub: 0
> => dnpat: [4] uid=.*,dc=..,dc=cordoors,dc=com nsub: 0
> => acl_get: [4] matched
> => acl_get: [4] check attr loginShell
> <= acl_get: [4] acl uid=chris,dc=au,dc=cordoors,dc=com attr: loginShell
> => acl_mask: access to entry "uid=chris,dc=au,dc=cordoors,dc=com", attr
"loginShell" requested
> => acl_mask: to all values by "", (=n)
> <= check a_dn_pat: self
> <= check a_dn_pat: uid=.*,ou=CIAdmin,dc=..,dc=cordoors,dc=com
> <= check a_dn_pat: *
> <= acl_mask: [3] applying read (=rscx) (stop)
> <= acl_mask: [3] mask: read (=rscx)
> => access_allowed: read access granted by read (=rscx)
> => access_allowed: read access to "uid=chris,dc=au,dc=cordoors,dc=com"
"loginShell" requested
> => acl_get: [1] check attr loginShell
> => acl_get: [2] check attr loginShell
> => dnpat: [3] uid=.*,ou=CIAdmin,dc=..,dc=cordoors,dc=com nsub: 0
> => dnpat: [4] uid=.*,dc=..,dc=cordoors,dc=com nsub: 0
> => acl_get: [4] matched
> => acl_get: [4] check attr loginShell
> <= acl_get: [4] acl uid=chris,dc=au,dc=cordoors,dc=com attr: loginShell
> => acl_mask: access to entry "uid=chris,dc=au,dc=cordoors,dc=com", attr
"loginShell" requested
> => acl_mask: to value by "", (=n)
> <= check a_dn_pat: self
> <= check a_dn_pat: uid=.*,ou=CIAdmin,dc=..,dc=cordoors,dc=com
> <= check a_dn_pat: *
> <= acl_mask: [3] applying read (=rscx) (stop)
> <= acl_mask: [3] mask: read (=rscx)
> => access_allowed: read access granted by read (=rscx)
> => access_allowed: read access to "uid=chris,dc=au,dc=cordoors,dc=com"
"gecos" requested
> => acl_get: [1] check attr gecos
> => acl_get: [2] check attr gecos
> => dnpat: [3] uid=.*,ou=CIAdmin,dc=..,dc=cordoors,dc=com nsub: 0
> => dnpat: [4] uid=.*,dc=..,dc=cordoors,dc=com nsub: 0
> => acl_get: [4] matched
> => acl_get: [4] check attr gecos
> <= acl_get: [4] acl uid=chris,dc=au,dc=cordoors,dc=com attr: gecos
> => acl_mask: access to entry "uid=chris,dc=au,dc=cordoors,dc=com", attr
"gecos" requested
> => acl_mask: to all values by "", (=n)
> <= check a_dn_pat: self
> <= check a_dn_pat: uid=.*,ou=CIAdmin,dc=..,dc=cordoors,dc=com
> <= check a_dn_pat: *
> <= acl_mask: [3] applying read (=rscx) (stop)
> <= acl_mask: [3] mask: read (=rscx)
> => access_allowed: read access granted by read (=rscx)
> => access_allowed: read access to "uid=chris,dc=au,dc=cordoors,dc=com"
"gecos" requested
> => acl_get: [1] check attr gecos
> => acl_get: [2] check attr gecos
> => dnpat: [3] uid=.*,ou=CIAdmin,dc=..,dc=cordoors,dc=com nsub: 0
> => dnpat: [4] uid=.*,dc=..,dc=cordoors,dc=com nsub: 0
> => acl_get: [4] matched
> => acl_get: [4] check attr gecos
> <= acl_get: [4] acl uid=chris,dc=au,dc=cordoors,dc=com attr: gecos
> => acl_mask: access to entry "uid=chris,dc=au,dc=cordoors,dc=com", attr
"gecos" requested
> => acl_mask: to value by "", (=n)
> <= check a_dn_pat: self
> <= check a_dn_pat: uid=.*,ou=CIAdmin,dc=..,dc=cordoors,dc=com
> <= check a_dn_pat: *
> <= acl_mask: [3] applying read (=rscx) (stop)
> <= acl_mask: [3] mask: read (=rscx)
> => access_allowed: read access granted by read (=rscx)
> => access_allowed: read access to "uid=chris,dc=au,dc=cordoors,dc=com"
"cn" requested
> => acl_get: [1] check attr cn
> => acl_get: [2] check attr cn
> => dnpat: [3] uid=.*,ou=CIAdmin,dc=..,dc=cordoors,dc=com nsub: 0
> => dnpat: [4] uid=.*,dc=..,dc=cordoors,dc=com nsub: 0
> => acl_get: [4] matched
> => acl_get: [4] check attr cn
> <= acl_get: [4] acl uid=chris,dc=au,dc=cordoors,dc=com attr: cn
> => acl_mask: access to entry "uid=chris,dc=au,dc=cordoors,dc=com", attr
"cn" requested
> => acl_mask: to all values by "", (=n)
> <= check a_dn_pat: self
> <= check a_dn_pat: uid=.*,ou=CIAdmin,dc=..,dc=cordoors,dc=com
> <= check a_dn_pat: *
> <= acl_mask: [3] applying read (=rscx) (stop)
> <= acl_mask: [3] mask: read (=rscx)
> => access_allowed: read access granted by read (=rscx)
> => access_allowed: read access to "uid=chris,dc=au,dc=cordoors,dc=com"
"cn" requested
> => acl_get: [1] check attr cn
> => acl_get: [2] check attr cn
> => dnpat: [3] uid=.*,ou=CIAdmin,dc=..,dc=cordoors,dc=com nsub: 0
> => dnpat: [4] uid=.*,dc=..,dc=cordoors,dc=com nsub: 0
> => acl_get: [4] matched
> => acl_get: [4] check attr cn
> <= acl_get: [4] acl uid=chris,dc=au,dc=cordoors,dc=com attr: cn
> => acl_mask: access to entry "uid=chris,dc=au,dc=cordoors,dc=com", attr
"cn" requested
> => acl_mask: to value by "", (=n)
> <= check a_dn_pat: self
> <= check a_dn_pat: uid=.*,ou=CIAdmin,dc=..,dc=cordoors,dc=com
> <= check a_dn_pat: *
> <= acl_mask: [3] applying read (=rscx) (stop)
> <= acl_mask: [3] mask: read (=rscx)
> => access_allowed: read access granted by read (=rscx)
> => access_allowed: read access to "uid=chris,dc=au,dc=cordoors,dc=com"
"uid" requested
> => acl_get: [1] check attr uid
> => acl_get: [2] check attr uid
> => dnpat: [3] uid=.*,ou=CIAdmin,dc=..,dc=cordoors,dc=com nsub: 0
> => dnpat: [4] uid=.*,dc=..,dc=cordoors,dc=com nsub: 0
> => acl_get: [4] matched
> => acl_get: [4] check attr uid
> <= acl_get: [4] acl uid=chris,dc=au,dc=cordoors,dc=com attr: uid
> => acl_mask: access to entry "uid=chris,dc=au,dc=cordoors,dc=com", attr
"uid" requested
> => acl_mask: to all values by "", (=n)
> <= check a_dn_pat: self
> <= check a_dn_pat: uid=.*,ou=CIAdmin,dc=..,dc=cordoors,dc=com
> <= check a_dn_pat: *
> <= acl_mask: [3] applying read (=rscx) (stop)
> <= acl_mask: [3] mask: read (=rscx)
> => access_allowed: read access granted by read (=rscx)
> => access_allowed: read access to "uid=chris,dc=au,dc=cordoors,dc=com"
"uid" requested
> => acl_get: [1] check attr uid
> => acl_get: [2] check attr uid
> => dnpat: [3] uid=.*,ou=CIAdmin,dc=..,dc=cordoors,dc=com nsub: 0
> => dnpat: [4] uid=.*,dc=..,dc=cordoors,dc=com nsub: 0
> => acl_get: [4] matched
> => acl_get: [4] check attr uid
> <= acl_get: [4] acl uid=chris,dc=au,dc=cordoors,dc=com attr: uid
> => acl_mask: access to entry "uid=chris,dc=au,dc=cordoors,dc=com", attr
"uid" requested
> => acl_mask: to value by "", (=n)
> <= check a_dn_pat: self
> <= check a_dn_pat: uid=.*,ou=CIAdmin,dc=..,dc=cordoors,dc=com
> <= check a_dn_pat: *
> <= acl_mask: [3] applying read (=rscx) (stop)
> <= acl_mask: [3] mask: read (=rscx)
> => access_allowed: read access granted by read (=rscx)
> => access_allowed: read access to "uid=chris,dc=au,dc=cordoors,dc=com"
"userPassword" requested
> => acl_get: [1] check attr userPassword
> <= acl_get: [1] acl uid=chris,dc=au,dc=cordoors,dc=com attr: userPassword
> => acl_mask: access to entry "uid=chris,dc=au,dc=cordoors,dc=com", attr
"userPassword" requested
> => acl_mask: to all values by "", (=n)
> <= check a_dn_pat: self
> <= check a_dn_pat: uid=.*,ou=CIAdmin,dc=..,dc=cordoors,dc=com
> <= check a_dn_pat: anonymous
> <= acl_mask: [3] applying auth (=x) (stop)
> <= acl_mask: [3] mask: auth (=x)
> => access_allowed: read access denied by auth (=x)
> acl: access to attribute userPassword not allowed
> ber_flush: 253 bytes to sd 20
> ber_flush: 14 bytes to sd 20
> ber_flush: 14 bytes to sd 20
> ber_flush: 14 bytes to sd 20
> ber_flush: 14 bytes to sd 20
> ber_flush: 14 bytes to sd 20
> ber_flush: 14 bytes to sd 20
> slapd shutdown: waiting for 0 threads to terminate
> slapd stopped.
> ----------------------------------------------------------------------
>
References:
- ACL userPassword Problem Re-Visited
  - From: Christine Robertson <chris@coreng.com.au>
Prev by Date: ACL userPassword Problem Re-Visited
Next by Date: Re: Trouble using booleans
Index(es):
- Chronological
- Thread