
Re: ACL OK in 2.0/2.1 not OK in 2.2



lugzug@lenin.net writes:

> I have a little test server using OpenLDAP as a NIS replacement.
>
> I've been able to use the ACLs below for quite some time with no troubles.
> When upgrading to OpenLDAP v2.2 (2.2.6-34 shipped with SUSE 9.1) I get a
> syntax error on line 13.  The error message is "bad DN "()" in to DN
> clause".
>
> I've tried changing the ACL line to "access to dn.base="" by * read". That
> parses OK, but my clients are broken.
>
> On my client if I do a "ldapsearch -Z -x" I get no results back, whereas
> before with OpenLDAP v2.0/v2.1 I would see all the contents (/etc/passwd,
> and /etc/group equiv).
>
>  1 access to attr=userPassword
>  2         by self write
>  3         by anonymous auth
>  4
>  5 access to dn="uid=(.*),ou=.*,dc=com" attr=sn,givenName,homePhone
>  6         by self write
>  7         by users read

With flag -x you are initiating an anonymous bind, but your ACLs
only allow authenticated users to read. So your access rules work
properly.

-Dieter

-- 
Dieter Klünter | Systemberatung
Tel.: +49.40.64861967
Fax : +49.40.64891521
http://www.avci.de
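The behaviour Dieter describes, as an added illustration that is not part of the thread: a small Python model of how slapd evaluates "access to ... by ..." directives (first matching clause is the only one consulted, first matching "by" wins, implicit "by * none" at the end), run over the ACLs quoted above with constructed bind and target DNs. The unanchored regex match of the DN and the implicit deny are assumptions taken from slapd.access(5) semantics, not something stated in the thread.

```python
import re

# Constructed transcription of the two ACL directives quoted above:
# (target DN regex or None, set of target attrs or None, [(who, access), ...])
ACLS = [
    (None, {"userPassword"}, [("self", "write"), ("anonymous", "auth")]),
    (r"uid=(.*),ou=.*,dc=com", {"sn", "givenName", "homePhone"},
     [("self", "write"), ("users", "read")]),
]

# slapd privilege levels, weakest to strongest
LEVELS = ["none", "auth", "compare", "search", "read", "write"]

def who_matches(who, bind_dn, target_dn):
    """'by' clause subjects (simplified): '*' is everyone, 'anonymous' is an
    unauthenticated bind (bind_dn None), 'users' is any authenticated bind,
    'self' is an authenticated bind whose DN is the entry being accessed."""
    if who == "*":
        return True
    if who == "anonymous":
        return bind_dn is None
    if who == "users":
        return bind_dn is not None
    if who == "self":
        return bind_dn is not None and bind_dn.lower() == target_dn.lower()
    return False

def access_for(bind_dn, target_dn, attr):
    """Return the access level granted to bind_dn for attr on target_dn.
    Only the first 'access to' clause whose target matches is consulted;
    within it the first matching 'by' wins and a clause with no matching
    'by' denies (assumed implicit 'by * none'). No matching clause at all
    falls through to the assumed implicit 'access to * by * none'."""
    for dn_re, attrs, by_list in ACLS:
        if dn_re is not None and not re.search(dn_re, target_dn, re.I):
            continue
        if attrs is not None and attr not in attrs:
            continue
        for who, level in by_list:
            if who_matches(who, bind_dn, target_dn):
                return level
        return "none"
    return "none"

def can_read(bind_dn, target_dn, attr):
    """True if the granted level is at least 'read' (what ldapsearch needs)."""
    return LEVELS.index(access_for(bind_dn, target_dn, attr)) >= LEVELS.index("read")
```

An anonymous bind (ldapsearch -x with no -D) gets "none" on sn, which is why the search returns nothing, while a bind as another user gets "read" and the entry's own DN gets "write".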