[Date Prev][Date Next] [Chronological] [Thread] [Top]

2.4.6 ACLs and Extented Operations

To: openldap-software@OpenLDAP.org
Subject: 2.4.6 ACLs and Extented Operations
From: "Gavin Henry" <ghenry@OpenLDAP.org>
Date: Thu, 1 Nov 2007 14:44:59 -0000 (GMT)
Importance: Normal
Openpgp: id=796B1E87DB73BEA8
User-agent: SquirrelMail/1.4.11-1.fc8

Dear All,

It this a bad ACL?:

access to dn="ou=Users,dc=suretecsystems,dc=com"
        by self write
        by users read
        by anonymous auth

This was working fine on 2.3.39, but after an upgrade last night "getent
passwd" stopped working with error 50.

I can supply the full ACL and some sample data when I get a change.

But with loglevel 128, it looked like with was seeing "by auth" and not
"by anonymous auth"

Now, when we browse our Samba PDC that worked fine on 2.3.39, we are seeing:

conn=63 fd=32 ACCEPT from IP=X.X.X.X:39211 (IP=0.0.0.0:389)
conn=63 op=0 EXT oid=1.3.6.1.4.1.1466.20037
conn=63 op=0 do_extended: unsupported operation "1.3.6.1.4.1.1466.20037"
conn=63 op=0 RESULT tag=120 err=2 text=unsupported extended operation

and it goes very slowly.

Any ideas?

I'll obvoiusly doc this up in our migration section later.

Thanks.

-- 
Kind Regards,

Gavin Henry.
OpenLDAP Engineering Team.

E ghenry@OpenLDAP.org

Community developed LDAP software.

http://www.openldap.org/project/

Follow-Ups:
- Re: 2.4.6 ACLs and Extented Operations
  - From: Andreas Hasenack <ahasenack@terra.com.br>
- Re: 2.4.6 ACLs and Extented Operations
  - From: Howard Chu <hyc@symas.com>

Prev by Date: Re: When to delete client content during RFC4533 synchronization?
Next by Date: Re: 2.4.6 ACLs and Extented Operations
Index(es):
- Chronological
- Thread