
Re: (ITS#4253) val.regex broken



> Pierangelo,
>
> I can't duplicate my exact bug, but I can clearly illustrate with test003
> that there is a bug in how the first val.regex ACL is treated.
> Using the following set of ACLs with test003, I can produce even yet
> *another* bug:
>
> access to attrs=cn val.regex="Mark.+"
>         by dn.exact="cn=Bjorn Jensen,ou=Information Technology
> Division,ou=People,dc=example,dc=com" read
>         by * break
>
> access to attrs=cn val.regex="James.+"
>         by dn.exact="cn=Barbara Jensen,ou=Information Technology
> Division,ou=People,dc=example,dc=com" read
>         by * break
>
> access to attrs=cn
>         by * search
>
> access to *
>         by * read
>
>
>
> Now, we know that "Mark Elliot" has two cn's, "Mark Elliot" and "Mark A
> Elliot", so the first regex should allow *both* values to be returned for
> "Bjorn", but it doesn't!
>
> ldapsearch -x -H ldap://:9011 -b 'dc=example,dc=com' -D 'cn=Bjorn
> Jensen,ou=Information Technology Division,ou=People,dc=example,dc=com' -w
> bjorn -LLL cn
>
> dn: cn=Manager,dc=example,dc=com
>
> dn: cn=Mark Elliot,ou=Alumni Association,ou=People,dc=example,dc=com
> cn: Mark Elliot
>
> dn: cn=Ursula Hampster,ou=Alumni Association,ou=People,dc=example,dc=com
>
>
> The search with Barbara doing something similar with "James" works as
> expected:
>
> ldapsearch -x -H ldap://:9011 -b 'dc=example,dc=com' -D 'cn=Barbara
> Jensen,ou=Information Technology Division,ou=People,dc=example,dc=com' -w
> bjensen -LLL cn
>
>
> dn: cn=ITD Staff,ou=Groups,dc=example,dc=com
>
> dn: cn=James A Jones 1,ou=Alumni Association,ou=People,dc=example,dc=com
> cn: James A Jones 1
> cn: James Jones
>
> dn: cn=James A Jones 2,ou=Information Technology
> Division,ou=People,dc=example
>  ,dc=com
> cn: James A Jones 2
> cn: James Jones
>
> dn: cn=Jane Doe,ou=Alumni Association,ou=People,dc=example,dc=com
>
>
>
> Now, if we reverse the ACLs, we get the same erroneous behavior with
> Barbara, but it is now correct for Bjorn!
>
> access to attrs=cn val.regex="James.+"
>         by dn.exact="cn=Barbara Jensen,ou=Information Technology
> Division,ou=People,dc=example,dc=com" read
>         by * break
>
> access to attrs=cn val.regex="Mark.+"
>         by dn.exact="cn=Bjorn Jensen,ou=Information Technology
> Division,ou=People,dc=example,dc=com" read
>         by * break
>
> access to attrs=cn
>         by * search
>
> access to *
>         by * read
>
>
> ldapsearch -x -H ldap://:9011 -b 'dc=example,dc=com' -D 'cn=Barbara
> Jensen,ou=Information Technology Division,ou=People,dc=example,dc=com' -w
> bjensen -LLL cn
>
>
> dn: cn=ITD Staff,ou=Groups,dc=example,dc=com
>
> dn: cn=James A Jones 1,ou=Alumni Association,ou=People,dc=example,dc=com
> cn: James A Jones 1
>
> dn: cn=James A Jones 2,ou=Information Technology
> Division,ou=People,dc=example
>  ,dc=com
> cn: James A Jones 2
>
> dn: cn=Jane Doe,ou=Alumni Association,ou=People,dc=example,dc=com
>
>
>
> Here it is correct for Bjorn now:
>
> ldapsearch -x -H ldap://:9011 -b 'dc=example,dc=com' -D 'cn=Bjorn
> Jensen,ou=Information Technology Division,ou=People,dc=example,dc=com' -w
> bjorn -LLL cn
>
> dn: cn=Manager,dc=example,dc=com
>
> dn: cn=Mark Elliot,ou=Alumni Association,ou=People,dc=example,dc=com
> cn: Mark Elliot
> cn: Mark A Elliot
>
> dn: cn=Ursula Hampster,ou=Alumni Association,ou=People,dc=example,dc=com

OK. Odd, but at least I know where to dig.

p.

-- 
Pierangelo Masarati
mailto:pierangelo.masarati@sys-net.it



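A simplified model of the per-value evaluation the report above expects from its ACL set, added here as an example; it is not code from the thread or from slapd. It assumes unanchored regex matching, plain string comparison of DNs, and that a value is returned only with read access or better; all function names are hypothetical.

```python
import re

BJORN = "cn=Bjorn Jensen,ou=Information Technology Division,ou=People,dc=example,dc=com"
BARBARA = "cn=Barbara Jensen,ou=Information Technology Division,ou=People,dc=example,dc=com"

# Each rule: (attribute or "*", val.regex or None, [(who, level or "break"), ...])
ACLS = [
    ("cn", "Mark.+",  [(BJORN, "read"), ("*", "break")]),
    ("cn", "James.+", [(BARBARA, "read"), ("*", "break")]),
    ("cn", None,      [("*", "search")]),
    ("*",  None,      [("*", "read")]),
]
LEVELS = ["none", "disclose", "auth", "compare", "search", "read", "write"]

def access_for(acls, who, attr, value):
    """Level granted to `who` for one attribute value (simplified model)."""
    for rule_attr, val_regex, by_clauses in acls:
        if rule_attr not in ("*", attr):
            continue
        if val_regex is not None and not re.search(val_regex, value):
            continue  # val.regex is tested against each value separately
        for by_who, grant in by_clauses:
            if by_who in ("*", who):
                if grant == "break":
                    break  # leave this rule, keep evaluating later rules
                return grant
        else:
            return "none"  # no by-clause matched: implicit "by * none"
    return "none"

def visible_values(acls, who, attr, values):
    """Values a search should return: those granted read or better."""
    need = LEVELS.index("read")
    return [v for v in values if LEVELS.index(access_for(acls, who, attr, v)) >= need]

def missing_values(acls, who, attr, values, observed):
    """Values the model says are readable but the server did not return."""
    return [v for v in visible_values(acls, who, attr, values) if v not in observed]

# cn values of the test003 entries as quoted in the thread
MARK = ["Mark Elliot", "Mark A Elliot"]
JAMES = ["James A Jones 1", "James Jones"]

if __name__ == "__main__":
    for order in (ACLS, [ACLS[1], ACLS[0]] + ACLS[2:]):
        print(visible_values(order, BJORN, "cn", MARK),
              visible_values(order, BARBARA, "cn", JAMES))
    # Observed for Bjorn with the first ordering: only "Mark Elliot"
    print(missing_values(ACLS, BJORN, "cn", MARK, ["Mark Elliot"]))
```

In this model the result does not depend on the order of the two val.regex rules, which is the property the quoted searches show being violated.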