Full_Name: Hallvard B Furuseth Version: HEAD OS: Linux URL: Submission from: (NULL) (193.157.200.213) Submitted by: hallvard back-bdb, back-monitor: If attr A is ACL-protected and inherits from B, one can still check its value with ldapcompare ... 'B:value'. back-config: Compare doesn't seem to support attribute inheritance. root DSE, cn=subschema: Inheritance works correctly. ######## acl.conf include servers/slapd/schema/core.schema rootdse root.ldif access to attrs=st,cn by * none access to * by * read database bdb suffix o=foo directory acl.dir dbconfig set_flags DB_LOG_AUTOREMOVE database monitor database config access to * by * read ######## root.ldif dn: objectClass: extensibleObject st: hidden ######## slapadd: acl.ldif dn: o=foo objectClass: organization st: hidden ######## Results. cn=config should get TRUE, others UNDEFINED. ldapcompare -x cn=config name:config -> UNDEFINED, No such attribute (16) ldapcompare -x cn=config cn:config -> TRUE ldapcompare -x o=foo name:hidden -> TRUE ldapcompare -x o=foo st:hidden -> UNDEFINED, Insufficient access (50) ldapcompare -x cn=monitor name:monitor -> TRUE ldapcompare -x cn=monitor cn:monitor -> UNDEFINED, Insufficient access (50) ldapcompare -x '' name:hidden -> UNDEFINED, Insufficient access (50) ldapcompare -x '' cn:hidden -> UNDEFINED, Insufficient access (50) ldapcompare -x cn=subschema cn:subschema ->UNDEFINED,Insufficient access (50) ldapcompare -x cn=subschema name:subschema ->UNDEFINED,Insufficient access (50)
changed notes changed state Open to Test moved from Incoming to Software Bugs
changed notes changed state Test to Release
changed notes changed state Release to Partial
h.b.furuseth@usit.uio.no wrote: > Full_Name: Hallvard B Furuseth > Version: HEAD > OS: Linux > URL: > Submission from: (NULL) (193.157.200.213) > Submitted by: hallvard > > > back-bdb, back-monitor: If attr A is ACL-protected and inherits from B, > one can still check its value with ldapcompare ... 'B:value'. > > back-config: Compare doesn't seem to support attribute inheritance. > > root DSE, cn=subschema: Inheritance works correctly. All Compare processing has been centralized in the frontend so all backends implement it uniformly now. -- -- Howard Chu CTO, Symas Corp. http://www.symas.com Director, Highland Sun http://highlandsun.com/hyc/ Chief Architect, OpenLDAP http://www.openldap.org/project/
partial fix in HEAD - check all other backends partial fix in RE24 - check all other backends