RE: Challenge With Access Control
Tried your suggestion. Search still fails. Here is the log:
entry_decode: "SFTid=0001-00000000,ou=servers,o=sft"
Jul 5 11:05:09 ias2 slapd[11516]: <=
entry_decode(SFTid=0001-00000000,ou=servers,o=sft)
Jul 5 11:05:09 ias2 slapd[11516]: =>
bdb_dn2id("SFTid=0001-00000000,ou=servers,o=sft")
Jul 5 11:05:09 ias2 slapd[11516]: <= bdb_dn2id: got id=0x0000002f
Jul 5 11:05:09 ias2 slapd[11516]: => test_filter
Jul 5 11:05:09 ias2 slapd[11516]: EQUALITY
Jul 5 11:05:09 ias2 slapd[11516]: => access_allowed: search access to
"SFTid=0001-00000000,ou=servers,o=sft" "SFTid" requested
Jul 5 11:05:09 ias2 slapd[11516]: => acl_get: [1] attr SFTid
Jul 5 11:05:09 ias2 slapd[11516]: => acl_mask: access to entry
"SFTid=0001-00000000,ou=servers,o=sft", attr "SFTid" requested
Jul 5 11:05:09 ias2 slapd[11516]: => acl_mask: to value by "", (=0)
Jul 5 11:05:09 ias2 slapd[11516]: <= check a_dn_pat: self
Jul 5 11:05:09 ias2 slapd[11516]: <= check a_peername_path: 10.16.13.84
Jul 5 11:05:09 ias2 slapd[11516]: <= check a_peername_path:
^IP=10.16.13.8[1-6]:
Jul 5 11:05:09 ias2 slapd[11516]: => acl_string_expand: pattern:
^IP=10.16.13.8[1-6]:
Jul 5 11:05:09 ias2 slapd[11516]: => acl_string_expand: expanded:
^IP=10.16.13.8[1-6]:
Jul 5 11:05:09 ias2 slapd[11516]: => regex_matches: string:^I
IP=127.0.0.1:46724
Jul 5 11:05:09 ias2 slapd[11516]: => regex_matches: rc: 1 no matches
Jul 5 11:05:09 ias2 slapd[11516]: <= acl_mask: no more <who> clauses,
returning =0 (stop)
Jul 5 11:05:09 ias2 slapd[11516]: => access_allowed: search access
denied by =0
Jul 5 11:05:09 ias2 slapd[11516]: <= test_filter 50
Jul 5 11:05:09 ias2 slapd[11516]: bdb_search: 47 does not match filter
-----Original Message-----
From: Hallvard [mailto:h.b.furuseth@usit.uio.no]
Sent: Thursday, July 05, 2007 10:27 AM
To: Brian Gaber
Cc: openldap-software@openldap.org
Subject: Re: Challenge With Access Control
Brian Gaber writes:
> access to *
> by self write
> by peername=10.16.13.84 write
> by peername=10.16.13.81 read
> by peername=10.16.13.82 read
> by peername=10.16.13.83 read
> by peername=10.16.13.85 read
> by peername=10.16.13.86 read
Use peername.ip instead of peername, just like in the one which does
work. Or replace the "read" lines with
by peername.regex="^IP=10\.16\.13\.8[1-6]:" read
--
Regards,
Hallvard
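
Added example (not part of either message, and not OpenLDAP code): a short Python script that pulls the peername regex check out of the trace above and re-evaluates it. The trace shows slapd testing the string IP=127.0.0.1:46724, a loopback address, so no 10.16.13.x rule can match that connection. Assumptions: Python's re stands in for slapd's regex engine for this pattern, the "^I" after "string:" is a tab as rendered by syslog, and the 10.16.13.84 peername with port 40112 is constructed.

```python
import re

# Lines taken from the slapd trace above with the mail line-wrapping undone.
# Assumption: the "^I" after "string:" is a tab as rendered by syslog.
TRACE = """\
Jul 5 11:05:09 ias2 slapd[11516]: => access_allowed: search access to "SFTid=0001-00000000,ou=servers,o=sft" "SFTid" requested
Jul 5 11:05:09 ias2 slapd[11516]: => acl_string_expand: expanded: ^IP=10.16.13.8[1-6]:
Jul 5 11:05:09 ias2 slapd[11516]: => regex_matches: string: IP=127.0.0.1:46724
Jul 5 11:05:09 ias2 slapd[11516]: => regex_matches: rc: 1 no matches
Jul 5 11:05:09 ias2 slapd[11516]: => access_allowed: search access denied by =0
"""

# Matches "=> func: rest" or "<= func: rest" after the syslog prefix.
LINE = re.compile(r"slapd\[\d+\]: (?:=>|<=) (\w+): (.*)$")


def peername_checks(trace):
    """Pair each expanded ACL pattern with the string slapd tested it against."""
    checks, pattern = [], None
    for line in trace.splitlines():
        m = LINE.search(line)
        if not m:
            continue
        func, rest = m.groups()
        if func == "acl_string_expand" and rest.startswith("expanded:"):
            pattern = rest.split(":", 1)[1].strip()
        elif func == "regex_matches" and rest.startswith("string:") and pattern:
            checks.append((pattern, rest.split(":", 1)[1].strip()))
            pattern = None
    return checks


def evaluate(pattern, peername):
    """Re-run the regex and flag connections that arrive over loopback."""
    return {
        "peername": peername,
        "matched": re.search(pattern, peername) is not None,
        "loopback": peername.startswith("IP=127."),
    }


if __name__ == "__main__":
    for pattern, seen in peername_checks(TRACE):
        print(evaluate(pattern, seen))
        # Constructed peername: a client that really connects from 10.16.13.84
        print(evaluate(pattern, "IP=10.16.13.84:40112"))
```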