[Date Prev][Date Next] [Chronological] [Thread] [Top]

An accesslist problem OpenLDAP 1.2.3

With the OpenLDAP v1.2.3 i have a accesslist problem. My slapd.conf contains:
access to attr=userpassword
  by self write
  by dn="cn=admin, ou=person, dc=decor-metall, dc=de" write
  by * compare

access to dn="cn=*, ou=device, dc=decor-metall, dc=de"
  by self write
  by dn="cn=inventaradmin, ou=person, dc=decor-metall, dc=de" write
  by dn="cn=inventardb, ou=person, dc=decor-metall, dc=de" read

If i try to get entries as "cn=inventardb" or "cn=inventaradmin", but there a
no output.

The syslog output:
before select active_threads 1
     0 0 0
     filter: (cn=08454)

 => ldbm_back_search
 entry_rdwr_rtrylock: ID: 2
 entry_rdwr_runlock: ID: 2
 entry_rdwr_rtrylock: ID: 167
  => access_allowed: entry (cn=08454, ou=device, dc=decor-metall, dc=de) \
	attr (cn)
  => acl_get: entry (cn=08454, ou=device, dc=decor-metall, dc=de) attr (cn)
 => acl_get: edn CN=08454,OU=DEVICE,DC=DECOR-METALL,DC=DE
 => acl_get: [1] check attr cn
 <= acl_get: no match
  => acl_access_allowed: search access to entry \
	"cn=08454, ou=device, dc=decor-metall, dc=de"
  => acl_access_allowed: search access to value "08454" by \
 <= acl_access_allowed: denied by default (no matching to)
  => access_allowed: exit (cn=08454, ou=device, dc=decor-metall, dc=de)\
	 attr (cn)
 entry_rdwr_runlock: ID: 167

With my rootdn everything works fine. I checked again and again for
misspelling, wrong paramters, but found nothing.

Frank Matthieß	      

Privat Frank.Matthiess@GMX.net			                +49-5245-4662
Firma  Frank.Matthiess@decor-metall.de                       +49-5222-286-315