Re: does back-sql bypass ACL ?

[Thomas Cramer <cramert@musc.edu>]

I've implemented openldap with sybase, and do not have these problems.  I 
can't totally recall without looking at the code (maybe Kurt knows better), 
but the access atributes are controlled by the "core" part of openldap.  I 
am using a slightly "older" openldap, but this is the schema I used:
access to attr=telephoneNumber
       by self read
       by anonymous auth
       by * none


--On Saturday, May 11, 2002 4:34 AM +0200 Frederic Saincy 
<freddy@lovelinux.org> wrote:

> Hi all,
>
> I have successfully installed a postgresql (7.2.1) backend to an
> openldap (2.0.23) using iodbc (3.0.6) helped with the excellent howto
> that you can find here:
>
> http://www.samse.fr/GPL/ldap_pg/
> (by the way, does these patches would be integrated ?)
>
> Here is my problem:
>
> in slapd.conf
>
> # this works. (can't use LDAP to update the database)
> # readonly on
>
> # this works (anonymous don't get telephoneNumber)
> access to attribute=telephoneNumber
>         by  cn=root,=sql,c=RU
>         by * none
>
>
> # this DOES NOT WORK
> # (even anonymous can add/delete entries, modify attributes... )
> access to *
>         by dn="cn=root,=sql,c=RU" write
>         by * read
>
>
> with ldbm, all works fine.
>
> I have read this:
>
> openldap-2.0.23/servers/slapd/back-sql/docs/*
> http://www.openldap.org/faq/data/cache/378.html
>
> I have search here:
>
> http://www.openldap.org/lists/openldap-software/
> http://www.google.org/
>
> But find no clue.
>
> Does people using Oracle, MS SQL Server experiencing same problems ?
> I can provide more information if needed.
>
> Bye.