
Re: (ITS#4599) Internal search results to access denied



In the message of 27 June 2006 19:31 you wrote:
No, this is not a question, possibly this is a _bug_:
I read somewhere that internal search must not be subject to constraints by ACL.
> As you are merely asking a software use question, this
> issue report will be closed without developer action.
> Please direct such questions to the OpenLDAP-software
> mailing list.
> 
> Kurt
> 
> At 03:53 AM 6/27/2006, john_smyth@mail.ru wrote:
> >Full_Name: John
> >Version: 2.3.24
> >OS: Linux 2.6.17
> >URL: ftp://ftp.openldap.org/incoming/
> >Submission from: (NULL) (195.177.120.251)
> >
> >
> >Hi!
> >Excuse me for my English.
> >
> >Must an internal search pass the ACL check?
> >
> >
> >content of slapd.conf
> >...
> >loglevel 424
> >authz-regexp
> >    uid=(.*),cn=gssapi,cn=auth
> >    ldap:///ou=people,dc=example,dc=org??sub?(uid=$1)
> >...
> >
> >
> >Appropriate logs
> >...
> >Jun 27 13:50:45 main slapd[1752]: conn=3 op=3 BIND dn="" method=163 
> >Jun 27 13:50:45 main slapd[1752]: str2filter "(uid=user1)" 
> >Jun 27 13:50:45 main slapd[1752]: begin get_filter 
> >...
> >Jun 27 13:50:45 main slapd[1752]: => access_allowed: auth access to
> >"uid=user1,ou=stuff,ou=mail,ou=people,dc=example,dc=org" "uid" requested 
> >...
> >Jun 27 13:50:45 main slapd[1752]: => access_allowed: auth access denied by
> >none(=0) 
> >...
> >Jun 27 13:50:45 main slapd[1752]: conn=3 op=3 BIND authcid="user1"
> >authzid="user1" 
> >Jun 27 13:50:45 main slapd[1752]: conn=3 op=3 BIND
> >dn="uid=user1,cn=gssapi,cn=auth" mech=GSSAPI ssf=56 
> >Jun 27 13:50:45 main slapd[1752]: conn=3 op=3 RESULT tag=97 err=0 text= 
> >...
> >
> >
> >i.e. mapping "uid=user1,cn=gssapi,cn=auth" to
> >"uid=user1,ou=stuff,ou=mail,ou=people,dc=example,dc=org" by authz-regexp does
> >not work.
>
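
The log pattern in the report above, turned into a check (an added example, not part of the original thread or of OpenLDAP): it flags SASL binds whose logged DN is still under cn=auth and lists the ACL denials traced during that bind. The function name and the reading of an unchanged cn=auth DN as an unapplied authz-regexp mapping are assumptions; the sample is the quoted excerpt with wrapped lines rejoined.

```python
import re

# Constructed sample: the log excerpt quoted in the report, wrapped lines rejoined.
SAMPLE_LOG = """\
Jun 27 13:50:45 main slapd[1752]: conn=3 op=3 BIND dn="" method=163
Jun 27 13:50:45 main slapd[1752]: str2filter "(uid=user1)"
Jun 27 13:50:45 main slapd[1752]: => access_allowed: auth access to "uid=user1,ou=stuff,ou=mail,ou=people,dc=example,dc=org" "uid" requested
Jun 27 13:50:45 main slapd[1752]: => access_allowed: auth access denied by none(=0)
Jun 27 13:50:45 main slapd[1752]: conn=3 op=3 BIND authcid="user1" authzid="user1"
Jun 27 13:50:45 main slapd[1752]: conn=3 op=3 BIND dn="uid=user1,cn=gssapi,cn=auth" mech=GSSAPI ssf=56
Jun 27 13:50:45 main slapd[1752]: conn=3 op=3 RESULT tag=97 err=0 text=
"""

# method=163 is 0xA3, the SASL choice of a bind request; it opens a SASL bind in the log.
START = re.compile(r'BIND dn="[^"]*" method=163')
REQ = re.compile(r'access_allowed: (\w+) access to "([^"]*)" "([^"]*)" requested')
DENY = re.compile(r'access_allowed: \w+ access denied by (\S+)')
DONE = re.compile(r'conn=(\d+) op=(\d+) BIND dn="([^"]*)" mech=(\S+)')


def find_unmapped_binds(lines):
    """Return SASL binds whose DN stayed under cn=auth, with the ACL
    denials traced while that bind was in progress."""
    findings, pending, denied = [], None, []
    for line in lines:
        if START.search(line):
            pending, denied = None, []
        elif m := REQ.search(line):
            pending = m.groups()  # (access level, entry DN, attribute)
        elif (m := DENY.search(line)) and pending:
            denied.append({"level": pending[0], "entry": pending[1],
                           "attr": pending[2], "by": m.group(1)})
            pending = None
        elif m := DONE.search(line):
            conn, op, dn, mech = m.groups()
            # Assumption: a DN still ending in cn=auth was not rewritten by authz-regexp.
            if dn.lower().endswith(",cn=auth"):
                findings.append({"conn": int(conn), "op": int(op), "dn": dn,
                                 "mech": mech, "denied": denied})
            pending, denied = None, []
    return findings


if __name__ == "__main__":
    for finding in find_unmapped_binds(SAMPLE_LOG.splitlines()):
        print(finding)
```

The access_allowed trace lines carry no conn= tag, so denials are attributed to a bind by ordering only; run it on a log captured from a single test connection.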