[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: Decyphering openldap ACL logs

To: openldap-software@OpenLDAP.org
Subject: Re: Decyphering openldap ACL logs
From: Ace Suares <ace@suares.nl>
Date: Thu, 29 Apr 2004 10:43:48 -0400
Content-description: clearsigned data
Content-disposition: inline
In-reply-to: <63e9c5fa4a.5fa4a63e9c@asianetindia.com>
Organization: Ace Suares' Internet Consultancy
References: <63e9c5fa4a.5fa4a63e9c@asianetindia.com>
User-agent: KMail/1.5.1

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1


Hi,

maybe you better direct your question to the mailing list for qmail-ldap, at 
www.qmail-ldap.org. There are archives of the mailinglist, too.

Pierangelo wrote a tool to check ACL's which is in the openldap CVS somewhere.

Greetings,

Ace



> Hi,
>
> I am working on configuring qmail-ldap and facing some permission problems
> with my ldap configuration.
>
> My  slapd.conf's acl section is some thing like
>
> access to attr=userPassword
>         by anonymous auth
>
> access to *
>         by dn="cn=admin,dc=com" write
>         by aci write
>         by * read
> with aci's configured in my directory.
>
> To debug the problem I enabled logging with level 128, and I am getting
> copious logs. I am some what able to make out what the logs mean, but in
> order to get the exact meaning I searched for some documentation about the
> logs entries. But could not find any.
>
> One of my logs fragment looks like this:
> => access_allowed: write access to "dc=cse,dc
> =com" "entry" requested
> => acl_get: [1] check attr entry
> => acl_get: [2] check attr entry
> <= acl_get: [2] acl dc=cse,dc=com attr: entry
> => acl_mask: access to entry "dc=cse,dc=com", attr "entry" requested
> => acl_mask: to all values by "uid=mailadmin, dc=com", (=n)
> <= check a_dn_pat: cn=admin,dc=com
> <= check a_dn_pat: *
> <= acl_mask: [3] applying read(=rscx) (stop)
> <= acl_mask: [3] mask: read(=rscx)
> => access_allowed: write access denied by rea
> d(=rscx)
>
> (I have removed date/time etc)
>
> Can some one tell me (or point to some documentation) from where I can
> understand what these logs mean?
>
> Thanks for your time
>
> raj

- -- 
Ace Suares' Internet Consultancy
NIEUW ADRES: Postbus 2599, 4800 CN Breda
telefoon: 06-244 33 608
fax en voicemail: 0848-707 705
website: http://www.suares.nl * http://www.qwikzite.nl
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.2-rc1-SuSE (GNU/Linux)

iD8DBQFAkRSky7boE8xtIjURAvGkAJoDVHYxHdXk7jmZG8/Rb4aZFPOGKACeJ9a1
stD7ZGUJpp/wKrsrfUTQRMg=
=O/i0
-----END PGP SIGNATURE-----

References:
- Decyphering openldap ACL logs
  - From: rajkumars@asianetindia.com

Prev by Date: Decyphering openldap ACL logs
Next by Date: Re: Connection limit
Index(es):
- Chronological
- Thread