[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: Looks like a bug 8'(



> Don't let the folks on the list guess:
> what exaclty were the circumstances ?
> - exact OpenLDAP version

I wish I know how to get the version - I would have reported it if I knew how to obtain it for
sure.
I know it's OpenLDAP 2.1.x, but I'm not sure of the build. Perhaps 2.1.4
I'm surprised slapd daemon does not have a -v or --version command line swtich: it will help.

> - Hardware (CPU)

AMD Athlon 1.1GHz on an AsusTech A7M266 motherboard as far as I remember (this is from a remote
server)

> - OS

Linux 2.4.18 SuSE 8.0 - but I've recompiled OpenLDAP from the source (SuSE 8.0 comes with
OpenLDAP 2.0.x and I need <= & >= comparison operators in filters)
I may have the configure log files somewhere. Would that help ?

> - your input

Something really basic with ldapsearch:

ldapsearch -D "uid=<login>,<baseDN>" -b "<baseDN>" -x -W 'cn=<aCN>'

I guess the problem comes from a specific ACL rule with cn and uid attributes involved

Something like:

loglevel 992
access to attr=uid,cn
       by group="cn=administrators,<baseDN>" write
       by users read
       by * read

The last-but-one line is useless, but I was trying different syntax at that time: I discovered
the problem by looking at the syslog output file some seconds later.

> Is the error reproduceable ?

Probably, but I did not keep the ACL that led to this issue. I should have, but I'm trying to
get the ACL to work for over than 1 month, so I focus on this main point since this is getting
really annoying: I wish I could focus on other issues than ACLs 8') ...
If I can reproduce this issue, I will keep the ACL.

Regards,
Emmanuel.