access control "set=" problem (ITS#3140)
Full_Name: HAGER Herve
OS: Red Hat 8 and Fedora Core 1
Submission from: (NULL) (220.127.116.11)
OpenLDAP crashes when I perform an unbind ldapsearch on it. I found out that it
is the "set=" directive from an access clause in the slapd.conf which is the
cause, when the group specified contains another group which is in the "what"
part of the access clause. Because I know this is hard to explain with my
low-level English, I made a small example ldif:
With the following access clause in the slapd.conf file:
access to *
    by set="[cn=admins,o=myorg,c=fr]/member* & user" write
    by * read
an unbind ldapsearch on the directory crashes, such as:
ldapsearch -b "o=myorg,c=fr"
The bug is verified on openldap 2.2.4, 2.2.10 and 2.2.11, so I assume all the
2.2.x versions are involved. The bug is not present on the 2.1.30 version.
There's no problem with a bind ldapsearch.
The bug happens on Red Hat 8 and Fedora Core 1, with openldap compiled from
source. Here is my configure command line:
./configure --prefix=/usr/local/openldap --enable-crypt --enable-lmpasswd \
    --without-cyrus-sasl --with-threads --with-tls --disable-bdb --enable-ldbm \
    --with-ldbm-gdbm --enable-slurpd --disable-ipv6 --enable-syslog
I hope I have given all relevant information to help fix this problem.
Thanks for your help.
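
An added example, not part of the original report and not OpenLDAP code: a small Python check that finds "by set=" clauses in slapd.conf text and lists the group DNs they reference, so those groups can be reviewed for nested groups on the 2.2.x versions named in the report. The sample fragment is constructed from the clause quoted above; the function names and the simplified continuation-line parsing are assumptions of this example.

```python
import re

# Constructed sample: the clause from the report plus one unrelated clause.
SAMPLE_CONF = '''\
# constructed slapd.conf fragment
access to *
    by set="[cn=admins,o=myorg,c=fr]/member* & user" write
    by * read
access to attrs=userPassword
    by self write
    by * auth
'''

# "by set=..." (optionally "set.<style>=") with a quoted set expression.
SET_RE = re.compile(r'\bby\s+set(?:\.\w+)?="([^"]*)"')
# A "[dn]/attr" term; a trailing "*" requests recursive expansion.
DN_RE = re.compile(r'\[([^\]]*=[^\]]*)\]/(\w+)(\*?)')


def logical_lines(text):
    """Join continuation lines (leading whitespace), then drop comments."""
    out = []
    for raw in text.splitlines():
        if not raw.strip():
            continue
        if raw[0].isspace() and out:
            out[-1] += " " + raw.strip()
        else:
            out.append(raw.strip())
    return [line for line in out if not line.startswith("#")]


def audit_sets(text):
    """Return one finding per [dn]/attr term used in a 'by set=' clause."""
    findings = []
    for line in logical_lines(text):
        if not line.lower().startswith("access to"):
            continue
        rest = line[len("access to"):].strip()
        what = re.split(r'\s+by\s+', rest, maxsplit=1)[0]
        for set_expr in SET_RE.findall(line):
            for dn, attr, star in DN_RE.findall(set_expr):
                findings.append({"what": what, "group_dn": dn,
                                 "attr": attr, "recursive": star == "*"})
    return findings


if __name__ == "__main__":
    for f in audit_sets(SAMPLE_CONF):
        print(f)
```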