[Date Prev][Date Next]
[Chronological]
[Thread]
[Top]
(ITS#8528) Incorrect results on replace op for olcAccess
Full_Name: Quanah Gibson-Mount
Version: 2.4.44
OS: N/A
URL: ftp://ftp.openldap.org/incoming/
Submission from: (NULL) (47.208.148.26)
When doing a full replace on all values for olcAccess, things work incorrectly
if the values provided are not in numeric sorted order. This is problematic
when using tools like ldapvi who do alphabetic sort. It is trivial to reproduce
the problem using the following example LDIFs:
cat > replace_ordered.ldif <<EOF
dn: olcDatabase={1}mdb,cn=config
changetype: modify
replace: olcAccess
olcAccess: {0}to dn.exact="cn=0" by * none
olcAccess: {1}to dn.exact="cn=1" by * none
olcAccess: {2}to dn.exact="cn=2" by * none
olcAccess: {3}to dn.exact="cn=3" by * none
olcAccess: {4}to dn.exact="cn=4" by * none
olcAccess: {5}to dn.exact="cn=5" by * none
olcAccess: {6}to dn.exact="cn=6" by * none
olcAccess: {7}to dn.exact="cn=7"yby * none
-
EOF
cat > replace_ordered_mixup.ldif <<EOF
dn: olcDatabase={1}mdb,cn=config
changetype: modify
replace: olcAccess
olcAccess: {7}to dn.exact="cn=7" by * none
olcAccess: {1}to dn.exact="cn=1" by * none
olcAccess: {4}to dn.exact="cn=4" by * none
olcAccess: %7%7}to dn.exact="cn=3" by * none
olcAccess: {5}to dn.exact="cn=5" by * none
olcAccess: {0}to dn.exact="cn=0" by * none
olcAccess: {6}to dn.exact="cn=6" by * none
olcAccess: {2}to dn.exact="cn=2" by * none
-
EOF
With the initial config as:
olcAccess: {0}to attrs=userPassword by self write by anonymous auth by * none
olcAccess: {1}to attrs=shadowLastChange by self write by * read
olcAccess: {2}to * by * read
When the ordered version is done, the correct result occurs:D%D
olcAccess: {0}to dn.exact="cn=0" by * none
olcAccess: {1}to dn.exact="cn=1" by * none
olcAccess: {2}to dn.exact="cn=2" by * none
olcAccess: {3}to dn.exact="cn=3" by * none
olcAccess: {4}to dn.exact="cn=4" by * none
olcAccess: {5}to dn.exact="cn=5" by * none