
ACL order changes * by * read access (ITS#2068)



Full_Name: Quanah Gibson-Mount
Version: 2.1.4
OS: Solaris 8
URL: ftp://ftp.openldap.org/incoming/
Submission from: (NULL) (171.64.13.58)


Hello,

If I create an ACL file like this:

# ACL include file for slapd
#
# this is specific to ldap4.stanford.edu for testing

access to *
        by dn="cn=manager,dc=stanford,dc=edu" write
        by group="cn=Supervisor,cn=Applications,dc=stanford,dc=edu" write
        by group="cn=ldapAdmin,cn=Applications,dc=stanford,dc=edu" read
        by dn="cn=replicator,cn=Applications,dc=stanford,dc=edu" read
        by * read

access to dn=".*,cn=People,dc=stanford,dc=edu"
        by dn="cn=SLOG-People,cn=Applications,dc=stanford,dc=edu" write

access to dn=".*,cn=Accounts,dc=stanford,dc=edu"
        by dn="cn=SLOG-Accounts,cn=Applications,dc=stanford,dc=edu" write

Access seems to work correctly.  However, if I change the order thus:

# ACL include file for slapd
#
# this is specific to ldap4.stanford.edu for testing

access to dn=".*,cn=People,dc=stanford,dc=edu"
        by dn="cn=SLOG-People,cn=Applications,dc=stanford,dc=edu" write

access to dn=".*,cn=Accounts,dc=stanford,dc=edu"
        by dn="cn=SLOG-Accounts,cn=Applications,dc=stanford,dc=edu" write

access to *
        by dn="cn=manager,dc=stanford,dc=edu" write
        by group="cn=Supervisor,cn=Applications,dc=stanford,dc=edu" write
        by group="cn=ldapAdmin,cn=Applications,dc=stanford,dc=edu" read
        by dn="cn=replicator,cn=Applications,dc=stanford,dc=edu" read
        by * read


When I do an ldapsearch, I see only the Accounts subtree.  I would guess that
something is incorrect in the way in which slapd parses the regexp for the first
2 entries in the second example.
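Added here as a worked model of the evaluation order slapd.access(5) documents for access directives; it is not code from OpenLDAP or from the reporter. In slapd the first "access to" clause whose target matches the entry is selected, the first matching "by" clause inside it decides, and a selected clause with no matching "by" acts as if it ended "by * none". The model assumes dn= patterns are regexes anchored at both ends and takes group membership from a constructed table (slapd would look it up in the directory). It replays both ACL files from the report against a People entry and an Accounts entry for several identities, which is the check worth running before reordering a production ACL.

```python
"""Model of slapd first-match ACL evaluation (added example, not acl.c).

Assumptions: dn="..." targets are regexes anchored at both ends; group
membership comes from the constructed GROUPS table below.
"""
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

# Access levels in increasing order of privilege, per slapd.access(5).
LEVELS = ["none", "auth", "compare", "search", "read", "write"]


@dataclass
class By:
    kind: str              # "dn", "group" or "*"
    value: Optional[str]   # DN for dn=/group=, None for "*"
    level: str


@dataclass
class Access:
    target: Optional[str]  # regex for dn="...", None for "access to *"
    bys: List[By]


def parse_acl(text: str) -> List[Access]:
    """Parse the subset of slapd.access(5) syntax used in the report."""
    acls: List[Access] = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()   # drop comments and blanks
        if not line:
            continue
        if line.startswith("access to "):
            what = line[len("access to "):].strip()
            if what == "*":
                acls.append(Access(None, []))
                continue
            m = re.fullmatch(r'dn="(.*)"', what)
            if m is None:
                raise ValueError(f"unsupported target: {raw}")
            acls.append(Access(m.group(1), []))
        elif line.startswith("by ") and acls:
            m = re.fullmatch(r'by (?:(dn|group)="([^"]*)"|(\*)) (\w+)', line)
            if m is None or m.group(4) not in LEVELS:
                raise ValueError(f"unsupported by clause: {raw}")
            acls[-1].bys.append(By(m.group(1) or "*", m.group(2), m.group(4)))
        else:
            raise ValueError(f"unsupported line: {raw}")
    return acls


def evaluate(acls: List[Access], entry_dn: str, bind_dn: Optional[str],
             groups: Dict[str, set]) -> str:
    """Access level bind_dn (None = anonymous) gets on entry_dn."""
    for acl in acls:                      # first matching "access to" wins
        if acl.target is not None and \
                re.fullmatch(acl.target, entry_dn, re.IGNORECASE) is None:
            continue
        for by in acl.bys:                # first matching "by" wins
            if by.kind == "*":
                return by.level
            if by.kind == "dn" and bind_dn and by.value.lower() == bind_dn.lower():
                return by.level
            if by.kind == "group" and bind_dn in groups.get(by.value, set()):
                return by.level
        return "none"   # clause selected, no "by" matched: implicit "by * none"
    return "none"       # no clause matched; slapd's global default is not modelled


BASE = "dc=stanford,dc=edu"
GENERAL = f'''
access to *
        by dn="cn=manager,{BASE}" write
        by group="cn=Supervisor,cn=Applications,{BASE}" write
        by group="cn=ldapAdmin,cn=Applications,{BASE}" read
        by dn="cn=replicator,cn=Applications,{BASE}" read
        by * read
'''
SPECIFIC = f'''
access to dn=".*,cn=People,{BASE}"
        by dn="cn=SLOG-People,cn=Applications,{BASE}" write
access to dn=".*,cn=Accounts,{BASE}"
        by dn="cn=SLOG-Accounts,cn=Applications,{BASE}" write
'''
ORDER_GENERAL_FIRST = parse_acl(GENERAL + SPECIFIC)   # first file in the report
ORDER_SPECIFIC_FIRST = parse_acl(SPECIFIC + GENERAL)  # second file in the report

# Constructed membership table: one member of the ldapAdmin group.
GROUPS = {f"cn=ldapAdmin,cn=Applications,{BASE}": {f"uid=admin1,cn=Accounts,{BASE}"}}


def compare_orderings() -> Dict[str, Dict[str, tuple]]:
    """(People entry, Accounts entry) access per identity under both orderings."""
    people, accounts = f"uid=jdoe,cn=People,{BASE}", f"uid=jdoe,cn=Accounts,{BASE}"
    identities = {
        "anonymous": None,
        "manager": f"cn=manager,{BASE}",
        "SLOG-Accounts": f"cn=SLOG-Accounts,cn=Applications,{BASE}",
        "ldapAdmin member": f"uid=admin1,cn=Accounts,{BASE}",
    }
    return {name: {
        "general-first": (evaluate(ORDER_GENERAL_FIRST, people, who, GROUPS),
                          evaluate(ORDER_GENERAL_FIRST, accounts, who, GROUPS)),
        "specific-first": (evaluate(ORDER_SPECIFIC_FIRST, people, who, GROUPS),
                           evaluate(ORDER_SPECIFIC_FIRST, accounts, who, GROUPS)),
    } for name, who in identities.items()}


if __name__ == "__main__":
    for who, res in compare_orderings().items():
        print(f"{who:17} general-first={res['general-first']} "
              f"specific-first={res['specific-first']}")
```

Two things the table makes visible: with the general clause first, the SLOG-People and SLOG-Accounts write rules are never reached (everyone, including those DNs, gets read on everything), and with the specific clauses first, any identity not named in them, the manager and the ldapAdmin group included, gets no access at all to entries under cn=People and cn=Accounts, while the container entries themselves still fall through to "access to *". Whichever ordering is intended, the identities that must keep access need their own "by" lines in the earlier, more specific clauses.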