Group ACLs do not work (ITS#1607)
Full_Name: Alan Sparks
Version: 2.0.23, CVS-HEAD
OS: Solaris 2.7
URL: ftp://ftp.openldap.org/incoming/
Submission from: (NULL) (65.101.243.201)
With OpenLDAP 1.2.13 I use the following ACL to control access to userpassword attribute:

access to attr=userPassword
    by self write
    by dn="cn=Replication Manager,dc=quris,dc=com" write
    by dn="cn=Manager,dc=quris,dc=com" write
    by group/ekgGroup/uniqueMember="cn=administrators,ou=group,dc=quris,dc=com" read
    by * compare

Works fine in 1.2.13, but I am able to see the attribute in 2.x with an ldapsearch and anonymous bind. Removing the group ACL drops access to the attribute as expected.
Is this confirmed to work correctly in 2.x?
For reference, ekgGroup is defined as:

objectclass ( 1.3.6.1.4.1.11335.1.2.4 NAME 'ekgGroup'
    DESC 'mix in Quris group attributes'
    STRUCTURAL
    SUP posixGroup
    MUST (
        cn
    )
    MAY (
        uniqueMember $
        description
    )
 )
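
A regression check for the behaviour reported above, as an added example that is not part of the original submission: it scans the LDIF text an anonymous ldapsearch returned and lists the entries that came back with a userPassword value. The sample LDIF, the dc=example,dc=com names and the function names are constructed for illustration.

```python
import base64
import re

# Constructed sample: LDIF as an anonymous ldapsearch might return it.
SAMPLE_LDIF = """\
dn: uid=alice,ou=people,dc=example,dc=com
uid: alice
userPassword:: e1NTSEF9Y29uc3RydWN0ZWQ=

dn: uid=bob,ou=people,dc=example,dc=com
description: this entry has no password attri
 bute in the result

dn: uid=carol,ou=people,dc=example,dc=com
USERPASSWORD: {crypt}constructed
"""

# name, optional ";option" tags, ":" (plain) or "::" (base64), then the value
ATTR_LINE = re.compile(r"^([A-Za-z0-9.-]+)(?:;[A-Za-z0-9-]+)*(::?) *(.*)$")

def unfold(ldif):
    """Join RFC 2849 folded lines (a continuation starts with one space)."""
    out = []
    for line in ldif.splitlines():
        if line.startswith(" ") and out:
            out[-1] += line[1:]
        else:
            out.append(line)
    return out

def exposed_password_dns(ldif, attr="userpassword"):
    """Return DNs of entries whose search result includes a value for attr."""
    exposed, dn = [], None
    for line in unfold(ldif):
        if not line.strip():
            dn = None  # a blank line ends the current entry
            continue
        m = ATTR_LINE.match(line)
        if not m:  # comments ("#...") and malformed lines are skipped
            continue
        name, sep, value = m.groups()
        if sep == "::":
            value = base64.b64decode(value).decode("utf-8", "replace")
        if name.lower() == "dn":
            dn = value
        elif name.lower() == attr and dn and dn not in exposed:
            exposed.append(dn)
    return exposed
```

An empty list from `exposed_password_dns` on the anonymous search output means the ACL held; any DN in the list is an entry whose password attribute was readable without authentication.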