[Date Prev][Date Next] [Chronological] [Thread] [Top]

v2.0.11 ACL woes

To: "openldap-software@OpenLDAP.org" <openldap-software@OpenLDAP.org>
Subject: v2.0.11 ACL woes
From: D.M.Lewney@sussex.ac.uk (Dave Lewney)
Date: Fri, 22 Jun 2001 09:33:19 +0100
Organization: University of Sussex

I've just upgraded from v2.0.7 to 2.0.11 . Running against the same
slapd.conf anonymous searches work fine with v2.0.7 but are all denied
with v2.0.11. ACLs look like ...

access to * 
        by domain=.*\.susx\.ac\.uk      read
        by domain=.*\.sussex\.ac\.uk    read
        by domain=localhost             read
        by users                        read
        by *                            none

It looks like the domain matches are failing. 
Anyone had similar experience?
 
Dave
--
Dave Lewney
Principal Systems Programmer, Computing Service
University of Sussex, Brighton BN1 9QJ. Tel: 01273 678354 Fax: 01273
271956

-------------
Some logs ... v2.0.11

Jun 22 09:22:03 prime.central.susx.ac.uk slapd[8147]: => access_allowed:
search access to "o=University of Sussex" "o" requested
Jun 22 09:22:03 prime.central.susx.ac.uk slapd[8147]: => acl_get: [1]
check attr o
Jun 22 09:22:03 prime.central.susx.ac.uk slapd[8147]: => acl_get: [3]
check attr o
Jun 22 09:22:03 prime.central.susx.ac.uk slapd[8147]: <= acl_get: [3]
acl o=University of Sussex attr: o
Jun 22 09:22:03 prime.central.susx.ac.uk slapd[8147]: => acl_mask:
access to entry "o=University of Sussex", attr "o" requested
Jun 22 09:22:03 prime.central.susx.ac.uk slapd[8147]: => acl_mask: to
all values by "", (=n) 
Jun 22 09:22:03 prime.central.susx.ac.uk slapd[8147]: <= check
a_domain_pat: .*.susx.ac.uk
Jun 22 09:22:03 prime.central.susx.ac.uk slapd[8147]: <= check
a_domain_pat: .*.sussex.ac.uk
Jun 22 09:22:03 prime.central.susx.ac.uk slapd[8147]: <= check
a_domain_pat: localhost
Jun 22 09:22:03 prime.central.susx.ac.uk slapd[8147]: <= check a_dn_pat:
users
Jun 22 09:22:03 prime.central.susx.ac.uk slapd[8147]: <= check a_dn_pat:
*
Jun 22 09:22:03 prime.central.susx.ac.uk slapd[8147]: <= acl_mask: [5]
applying none (=n) (stop)
Jun 22 09:22:03 prime.central.susx.ac.uk slapd[8147]: <= acl_mask: [5]
mask: none (=n)
Jun 22 09:22:03 prime.central.susx.ac.uk slapd[8147]: => access_allowed:
search access denied by none (=n)

...and v2.0.7

Jun 22 09:27:17 prime.central.susx.ac.uk slapd[8195]: => access_allowed:
search access to "o=University of Sussex" "o" requested
Jun 22 09:27:17 prime.central.susx.ac.uk slapd[8195]: => acl_get: [1]
check attr o
Jun 22 09:27:17 prime.central.susx.ac.uk slapd[8195]: => acl_get: [3]
check attr o
Jun 22 09:27:17 prime.central.susx.ac.uk slapd[8195]: <= acl_get: [3]
acl o=University of Sussex attr: o
Jun 22 09:27:17 prime.central.susx.ac.uk slapd[8195]: => acl_mask:
access to entry "o=University of Sussex", attr "o" requested
Jun 22 09:27:17 prime.central.susx.ac.uk slapd[8195]: => acl_mask: to
all values by "", (=n) 
Jun 22 09:27:17 prime.central.susx.ac.uk slapd[8195]: <= check
a_domain_pat: .*.susx.ac.uk
Jun 22 09:27:17 prime.central.susx.ac.uk slapd[8195]: <= acl_mask: [1]
applying read (=rscx) (stop)
Jun 22 09:27:17 prime.central.susx.ac.uk slapd[8195]: <= acl_mask: [1]
mask: read (=rscx)
Jun 22 09:27:17 prime.central.susx.ac.uk slapd[8195]: => access_allowed:
search access granted by read (=rscx)

Follow-Ups:
- Re: v2.0.11 ACL woes - more debug info
  - From: D.M.Lewney@sussex.ac.uk (Dave Lewney)
- Re: v2.0.11 ACL woes - SOLVED!
  - From: D.M.Lewney@sussex.ac.uk (Dave Lewney)

Prev by Date: Vijay - Postfix Global Address Book
Next by Date: Re: partial replication & slurpd
Index(es):
- Chronological
- Thread