[Date Prev][Date Next] [Chronological] [Thread] [Top]

Access to pseudoattribute "entry" and rewrite overlay



Hi4All! :)

I notice that active RWM/Remap overlay affects ACL-subsystem when ACL =20
checks access to pseudoatribute "entry" and this strange situation=20
occurs even if i not use any rules for rewrite/remap. =D0=9Derewith witho=
ut=20
the loaded overlay RWM all works correctly...
In debug mode slapd with active RWM (no rewrite rules!) deny all access=20
to attribute entry except for "root" user

=3D> access_allowed: search access to "uid=3Dakkerman,cn=3DDirectory Serv=
er=20
Admins,ou=3DGroups,dc=3Dr2,dc=3Dmoney,dc=3Dge,dc=3Dcom" "objectClass" req=
uested
<=3D test_filter 5
=3D> acl_get: [13] attr entry
=3D> slap_access_allowed: result not in cache (entry)
=3D> acl_mask: access to entry "uid=3Dakkerman,cn=3DDirectory Server=20
Admins,ou=3DGroups,dc=3Dr2,dc=3Dmoney,dc=3Dge,dc=3Dcom", attr "entry" req=
uested
=3D> acl_mask: to all values by "", (none(=3D0))
<=3D check a_dn_pat: *
<=3D acl_mask: [1] applying none(=3D0) (stop)
<=3D acl_mask: [1] mask: none(=3D0)
=3D> slap_access_allowed: read access denied by none(=3D0)

This problem may be solved by adding radically liberate rule to the=20
beginning of olcAccess sequence in cn=3Dconfig:
olcAccess: {1}to * attrs=3Dentry by * read

Is it a bug?