slapacl question
- To: OpenLDAP-software@OpenLDAP.org
- Subject: slapacl question
- From: TechnoSophos <technosophos@gmail.com>
- Date: Tue, 22 Aug 2006 10:05:42 -0500
When using the slapacl program to test ACLs, how come slapacl
indicates that a user has 'read' permissions when the ACL restricts
to 'auth' only?
###
# slapacl -D 'uid=matt,ou=Users,dc=example,dc=com' -b 'uid=barbara,ou=Users,dc=example,dc=com' -d acl 'cn/read'
Backend ACL: access to attrs=userPassword
        by anonymous auth
        by self write
        by * none
Backend ACL: access to attrs=cn
        by users auth
        by self write
        by * none
Backend ACL: access to *
        by self write
        by users read
        by * none
authcDN: "uid=matt,ou=users,dc=example,dc=com"
=> access_allowed: read access to "" "cn" requested
=> access_allowed: backend default read access granted to "uid=matt,ou=users,dc=example,dc=com"
read access to cn: ALLOWED
###
Note that the same thing happens if I substitute '=x' for 'auth' in the ACL.
Thanks,
Matt
(OpenLDAP version: 2.3.25)