[Date Prev][Date Next] [Chronological] [Thread] [Top]

comments break acls (ITS#1854)

To: openldap-its@OpenLDAP.org
Subject: comments break acls (ITS#1854)
From: flemming@spiralout.net
Date: Tue, 4 Jun 2002 16:18:37 GMT

Full_Name: Robert Flemming
Version: 2.0.23
OS: linux
URL: ftp://ftp.openldap.org/incoming/
Submission from: (NULL) (198.186.202.146)


If defining an acl in which there is comment in the middle of it slapd appears
to not read beyond them.  For example:

access to *
	by dn="cn=admin,dc=foo,dc=com" write
#	by dn=".*,dc=foo,dc=com" read
#	by * none
	by * read

Here is a snippet of the log file at debug level 128

Jun  4 09:03:17 phillip slapd[15410]: <= check a_dn_pat: cn=admin,dc=foo,dc=com
Jun  4 09:03:17 phillip slapd[15410]: <= acl_mask: no more <who> clauses,
returning =n (stop)
Jun  4 09:03:17 phillip slapd[15410]: => access_allowed: search access denied by
=n

Notice the difference when changing the config file to:

access to *
	by dn="cn=admin,dc=foo,dc=com" write
	by * read

Jun  4 09:07:17 phillip slapd[28450]: <= check a_dn_pat: cn=admin,dc=foo,dc=com
Jun  4 09:07:17 phillip slapd[28450]: <= check a_dn_pat: *
Jun  4 09:07:17 phillip slapd[28450]: <= acl_mask: [5] applying read (=rscx)
(stop)
Jun  4 09:07:17 phillip slapd[28450]: <= acl_mask: [5] mask: read (=rscx)
Jun  4 09:07:17 phillip slapd[28450]: => access_allowed: read access granted by
read (=rscx)

Seems like a bug to me, but I could just be stupid.

Prev by Date: Re: -e rejectsfile option for ldapmodify (ITS#1832)
Next by Date: re: errors on "make test" (ITS#1857)
Index(es):
- Chronological
- Thread