
(ITS#3416) HEAD peername ACL issue



Full_Name: Quanah Gibson-Mount
Version: HEAD
OS: Solaris 8
URL: ftp://ftp.openldap.org/incoming/
Submission from: (NULL) (171.66.182.82)


When the slapd.conf file is evaluated out of HEAD, it complains about my
peername ACL:

/usr/local/etc/openldap/slapd.acl: line 593: peername pattern already specified.
<access clause> ::= access to <what> [ by <who> <access> [ <control> ] ]+
<what> ::= * | [dn[.<dnstyle>]=<DN>] [filter=<filter>] [attrs=<attrlist>]
<attrlist> ::= <attr> [val[.<style>]=<value>] | <attr> , <attrlist>
<attr> ::= <attrname> | entry | children
<who> ::= [ * | anonymous | users | self | dn[.<dnstyle>]=<DN> ]
        [dnattr=<attrname>]
        [group[/<objectclass>[/<attrname>]][.<style>]=<group>]
        [peername[.<peernamestyle>]=<peer>] [sockname[.<style>]=<name>]
        [domain[.<domainstyle>]=<domain>] [sockurl[.<style>]=<url>]
        [ssf=<n>] [transport_ssf=<n>] [tls_ssf=<n>] [sasl_ssf=<n>]
<dnstyle> ::= base(Object) | one(level) | sub(tree) | children | exact | regex
<style> ::= exact | regex | base(Object)
<peernamestyle> ::= exact | regex | ip | path
<domainstyle> ::= exact | regex | base(Object) | sub(tree)
<access> ::= [self]{<level>|<priv>}
<level> ::= none | auth | compare | search | read | write
<priv> ::= {=|+|-}{w|r|s|c|x|0}+
<control> ::= [ stop | continue | break ]

However, according to the HEAD manpage, my ACL is correct:

access to dn.children="cn=accounts,dc=stanford,dc=edu" filter=(sulelandstatus=active) attrs=posixAccount
        by peername.ip=127.0.0.1 anonymous read

I currently use this ACL in OpenLDAP 2.2 without issue.