[Date Prev][Date Next]
[Chronological]
[Thread]
[Top]
(ITS#4599) Internal search results to access denied
Full_Name: John
Version: 2.3.24
OS: Linux 2.6.17
URL: ftp://ftp.openldap.org/incoming/
Submission from: (NULL) (195.177.120.251)
Hi!
Excuse me for my English.
Must internal search passes check ACL?
content of slapd.conf
...
loglevel 424
authz-regexp
uid=(.*),cn=gssapi,cn=auth
ldap:///ou=people,dc=example,dc=org??sub?(uid=$1)
...
Appropriate logs
...
Jun 27 13:50:45 main slapd[1752]: conn=3 op=3 BIND dn="" method=163
Jun 27 13:50:45 main slapd[1752]: str2filter "(uid=user1)"
Jun 27 13:50:45 main slapd[1752]: begin get_filter
...
Jun 27 13:50:45 main slapd[1752]: => access_allowed: auth access to
"uid=user1,ou=stuff,ou=mail,ou=people,dc=example,dc=org" "uid" requested
...
Jun 27 13:50:45 main slapd[1752]: => access_allowed: auth access denied by
none(=0)
...
Jun 27 13:50:45 main slapd[1752]: conn=3 op=3 BIND authcid="user1"
authzid="user1"
Jun 27 13:50:45 main slapd[1752]: conn=3 op=3 BIND
dn="uid=user1,cn=gssapi,cn=auth" mech=GSSAPI ssf=56
Jun 27 13:50:45 main slapd[1752]: conn=3 op=3 RESULT tag=97 err=0 text=
...
i.e. mapping "uid=user1,cn=gssapi,cn=auth" to
"uid=user1,ou=stuff,ou=mail,ou=people,dc=example,dc=org" by authz-regexp does
not work.