selfread access doesn't work as expected



Hi all,

I'm running openldap-2.3.43 on Gentoo amd64.

Shouldn't the following access directive give members of 
ou=People,dc=foo,dc=bar selfread permissions to attrs=member and all others 
(e.g. the bind user cn=ldapbind,ou=dsa,dc=foo,dc=bar) unlimited read 
permissions?


access to dn.subtree="ou=Group,dc=foo,dc=bar" attrs=member
       by dn.children="ou=People,dc=foo,dc=bar" selfread
       by * read

Selfread works only if I restrict * to none, but that's not what I want.
'by * read' is not what I want at least, but it simplifies the example.

access to dn.subtree="ou=Group,dc=foo,dc=bar" attrs=member
       by dn.children="ou=People,dc=foo,dc=bar" selfread
       by * none

It should expand to 
'by dn.children="ou=People,dc=foo,dc=bar" selfread stop'
but it seems to continue.

What's wrong?

Regards
Christian
-- 
"Without music to decorate it, time is just a bunch of boring production
 deadlines or dates by which bills must be paid."
        --- Frank Vincent Zappa