
Re: access control broken (ITS#4019)

Why should the second rule get caught when there are

     ou: beer
     ou: cider

and not make it to the break?  The filters when I do the ldapsearch  
work as expected.

The user DN is not meant to match the DN in the <who>.  The DN in the  
<who> is matched against the bind dn...

I made it long to give a good demonstration of the problem.


On 10/09/2005, at 14:01, Pierangelo Masarati wrote:

> Anyway, I think it works as intended.  In fact, the second rule in your post
> gets caught when checking the object that contains both "cider" and "beer" and
> since the user DN does not match the DN in the <who>, control doesn't even get
> to the break, so the third rule is never checked.  I suspect you need to add a
> "by * none break" at the end of each rule to get the behavior you expect, much
> like you did in the first rule.
> p.
> PS: I suggest you try to keep your reports a bit shorter and focused on the
> issue; I nearly consumed the page-up/down buttons trying to keep track of what
> you're saying.

Dr Stuart Midgley
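
The evaluation order discussed in this thread, as an added example that is not part of either post: a simplified Python model of how slapd walks access rules, including the implicit "by * none stop" that ends every rule. The rules, ou filters and DNs are constructed for illustration and are not the reporter's configuration.

```python
# Simplified model of slapd access-rule evaluation (not OpenLDAP code).
# All rules, ou values and DNs here are constructed for illustration.

IMPLICIT = ("*", "none", "stop")  # slapd ends every rule with "by * none stop"

def evaluate(rules, entry_ous, bind_dn):
    """Return (access, names_of_rules_checked) for one entry and bind DN."""
    checked, access = [], "none"
    for name, wanted_ous, by_clauses in rules:
        # <what>: the rule applies only if the entry has every listed ou value
        if not wanted_ous <= entry_ous:
            continue
        checked.append(name)
        for who, level, control in list(by_clauses) + [IMPLICIT]:
            # <who> is compared with the bind DN, never with the entry's DN
            if who == "*" or who == bind_dn:
                access = level
                break
        if control == "stop":
            return access, checked
        # control == "break": carry on to the next rule whose <what> matches
    return access, checked

ADMIN = "cn=admin,dc=example,dc=com"
BEER = "cn=beer-reader,dc=example,dc=com"
CIDER = "cn=cider-reader,dc=example,dc=com"

# Only the first rule ends in an explicit "by * none break".
WITHOUT_BREAK = [
    ("rule1", set(), [(ADMIN, "write", "stop"), ("*", "none", "break")]),
    ("rule2", {"beer"}, [(BEER, "read", "stop")]),
    ("rule3", {"cider"}, [(CIDER, "read", "stop")]),
]

# Same rules with "by * none break" appended to the second rule.
WITH_BREAK = [
    WITHOUT_BREAK[0],
    ("rule2", {"beer"}, [(BEER, "read", "stop"), ("*", "none", "break")]),
    WITHOUT_BREAK[2],
]

if __name__ == "__main__":
    entry = {"beer", "cider"}  # entry carrying both ou values
    print(evaluate(WITHOUT_BREAK, entry, CIDER))
    print(evaluate(WITH_BREAK, entry, CIDER))
```
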