[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: (ITS#7495) access filter not correctly validated if assertion attribute not requested

To: openldap-its@OpenLDAP.org
Subject: Re: (ITS#7495) access filter not correctly validated if assertion attribute not requested
From: michael@stroeder.com
Date: Thu, 17 Jan 2013 10:51:57 GMT
Auto-submitted: auto-generated (OpenLDAP-ITS)

Sorry for the confusion caused by editing what I've copied from the real
system before which uses a group for several Samba DC instances.

In this example the ACL part should be more simple like this:

access to
  dn.subtree="o=example"
  attrs=sambaNTPassword
  filter="(organizationalStatus=0)"
    by dn.exact="uid=samba_dc,o=example" write
    by group="cn=slapd Admins,ou=groups,o=example" =sw
    by self =w
    by * none

Ciao, Michael.

Prev by Date: (ITS#7495) access filter not correctly validated if assertion attribute not requested
Next by Date: Re: (ITS#7495) access filter not correctly validated if assertion attribute not requested
Index(es):
- Chronological
- Thread