
Group ACLs do not work (ITS#1607)



Full_Name: Alan Sparks
Version: 2.0.23, CVS-HEAD
OS: Solaris 2.7
URL: ftp://ftp.openldap.org/incoming/
Submission from: (NULL) (65.101.243.201)


With OpenLDAP 1.2.13 I use the following ACL to control access to userpassword
attribute:

access  to attr=userPassword
        by self write
        by dn="cn=Replication Manager,dc=quris,dc=com" write
        by dn="cn=Manager,dc=quris,dc=com" write
        by group/ekgGroup/uniqueMember="cn=administrators,ou=group,dc=quris,dc=com" read
        by * compare

Works fine in 1.2.13, but I am able to see the attribute in 2.x with an
ldapsearch and anonymous bind.  Removing the group ACL drops access to the
attribute as expected.

Is this confirmed to work correctly in 2.x?

For reference, ekgGroup is defined as:
objectclass ( 1.3.6.1.4.1.11335.1.2.4 NAME 'ekgGroup'
        DESC            'mix in Quris group attributes'
        STRUCTURAL
        SUP posixGroup
        MUST (
                cn
        )
        MAY (
                uniqueMember $
                description
        )
 )
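
A check for the symptom reported above, added here as an example and not part of the original submission or of OpenLDAP: it scans the LDIF returned by an anonymous search and lists the entries in which userPassword came back. The sample LDIF, its DNs and its values are constructed, and the function names are hypothetical.

```python
import base64

# Constructed sample: LDIF as an anonymous search might return it.
SAMPLE_LDIF = """\
version: 1

dn: uid=alice,ou=people,dc=example,dc=com
cn: Alice
userPassword:: e0NSWVBUfWNvbnN0cnVjdGVk

dn: uid=bob,ou=people,dc=example,dc=com
cn: Bob

dn: uid=carol,ou=people,dc=example,
 dc=com
userPassword: {CRYPT}constructed
"""


def unfold(ldif_text):
    """Join LDIF continuation lines (a leading space continues the previous line)."""
    lines = []
    for raw in ldif_text.splitlines():
        if raw.startswith(" ") and lines:
            lines[-1] += raw[1:]
        else:
            lines.append(raw)
    return lines


def exposed_entries(ldif_text, attr="userPassword"):
    """Return the DNs of entries whose result includes attr (plain or '::' base64 form)."""
    exposed, dn, seen = [], None, False
    for line in unfold(ldif_text) + [""]:      # trailing "" flushes the last entry
        if not line:                           # blank line ends an entry
            if dn is not None and seen:
                exposed.append(dn)
            dn, seen = None, False
            continue
        name, sep, value = line.partition(":")
        if line.startswith("#") or not sep:
            continue
        base = name.split(";")[0].lower()      # ignore attribute options
        if base == "dn":
            # "dn:: <base64>" is used for DNs that are not plain ASCII
            dn = (base64.b64decode(value[1:]).decode("utf-8")
                  if value.startswith(":") else value.strip())
        elif base == attr.lower():
            seen = True                        # presence alone means read access
    return exposed
```

An empty list from a search made with an anonymous bind is the result the ACL above is meant to produce; the values themselves are never decoded or printed.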