
Re: Access to pseudoattribute "entry" and rewrite overlay

Konovalov Andrey wrote:
Hi4All! :)
I notice that active RWM/Remap overlay affects ACL-subsystem when ACL
checks access to pseudoattribute "entry" and this strange situation
occurs even if I do not use any rules for rewrite/remap. Herewith wit
the loaded overlay RWM all works correctly...
In debug mode slapd with active RWM (no rewrite rules!) denies all access
to attribute entry except for "root" user
=> access_allowed: search access to "uid=akkerman,cn=Directory Se
Admins,ou=Groups,dc=r2,dc=money,dc=ge,dc=com" "objectClass" r
<= test_filter 5
=> acl_get: [13] attr entry
=> slap_access_allowed: result not in cache (entry)
=> acl_mask: access to entry "uid=akkerman,cn=Directory Server
Admins,ou=Groups,dc=r2,dc=money,dc=ge,dc=com", attr "entry" r
=> acl_mask: to all values by "", (none(=0))
<= check a_dn_pat: *
<= acl_mask: [1] applying none(=0) (stop)
<= acl_mask: [1] mask: none(=0)
=> slap_access_allowed: read access denied by none(=0)
This problem may be solved by adding a radically liberal rule to the
beginning of olcAccess sequence in cn=config:
olcAccess: {1}to * attrs=entry by * read
Is it a bug?

If you believe you spotted a bug you should file an ITS
<http://www.openldap.org/its>.  See instructions here about how to
report a bug and what information you should provide

Otherwise you should discuss software usage on the openldap-software list.

With respect to the issue you report, right now I don't have a clue.
However, you provide very little information.  I didn't check yet if
it's enough to reproduce the issue you mention, but likely it isn't (no
version information, for example, and no detailed slapd.conf).


Ing. Pierangelo Masarati
OpenLDAP Core Team

SysNet s.r.l.
via Dossi, 8 - 27100 Pavia - ITALIA
Office:  +39 02 23998309
Mobile:  +39 333 4963172
Fax:     +39 0382 476497
Email:   ando@sys-net.it
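
An added example, not part of the thread and not OpenLDAP code: a small Python parser that turns a slapd ACL debug trace like the one quoted above into one record per access decision, so the rule, the "by" clause and the requesting identity behind a denial can be read off before deciding whether a broad rule such as "to * attrs=entry by * read" is really needed. The sample trace is constructed with placeholder DNs, and the meaning given to the bracketed numbers is an assumption stated in the comments.

```python
import re

# Constructed sample modelled on the trace in the post (placeholder DNs).
SAMPLE = '''\
=> acl_get: [13] attr entry
=> slap_access_allowed: result not in cache (entry)
=> acl_mask: access to entry "uid=jdoe,ou=People,dc=example,dc=com", attr "entry" requested
=> acl_mask: to all values by "", (none(=0))
<= check a_dn_pat: *
<= acl_mask: [1] applying none(=0) (stop)
<= acl_mask: [1] mask: none(=0)
=> slap_access_allowed: read access denied by none(=0)
=> acl_get: [2] attr cn
=> acl_mask: access to entry "uid=jdoe,ou=People,dc=example,dc=com", attr "cn" requested
=> acl_mask: to all values by "cn=admin,dc=example,dc=com", (none(=0))
<= acl_mask: [1] applying read(=rscxd) (stop)
=> slap_access_allowed: search access granted by read(=rscxd)
'''
# Assumption: acl_get's [n] is the matched ACL, acl_mask's [n] is its "by" clause.
RULE = re.compile(r'^=> acl_get: \[(\d+)\] attr (\S+)')
TARGET = re.compile(r'^=> acl_mask: access to entry "([^"]*)", attr "([^"]*)"')
WHO = re.compile(r'^=> acl_mask: to .* by "([^"]*)"')
APPLY = re.compile(r'^<= acl_mask: \[(\d+)\] applying (\S+)')
VERDICT = re.compile(r'^=> slap_access_allowed: (\w+) access (granted|denied) by (\S+)')

def acl_decisions(trace):
    """Return one dict per slap_access_allowed verdict found in the trace."""
    out, cur = [], {}
    for line in trace.splitlines():
        line = line.strip()
        if m := RULE.match(line):
            cur = {"acl": int(m[1]), "attr": m[2]}
        elif m := TARGET.match(line):
            cur.update(entry=m[1], attr=m[2])
        elif m := WHO.match(line):
            cur["who"] = m[1] or "(anonymous)"   # empty DN = no bound identity
        elif m := APPLY.match(line):
            cur.update(by_clause=int(m[1]), applied=m[2])
        elif m := VERDICT.match(line):
            out.append({**cur, "level": m[1], "granted": m[2] == "granted", "mask": m[3]})
            cur = {}
    return out

def denials(trace):
    return [d for d in acl_decisions(trace) if not d["granted"]]

if __name__ == "__main__":
    for d in denials(SAMPLE):
        print(d)
```
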