[Date Prev][Date Next]
group ACL Problems, disallow deletion of an object
With openldap 2.1.30 (debin sarge) if I use ACLs that restrict access to
certain groups if those groups do not exist when accessing the
(protected) objects slapd crashes and corrupts the database.
access to dn=".*,dc=test,dc=org"
by * read
slap_send_ldap_result: Assertion `!(((0x51) <= ((err))) && (((err)) <=
(0x61)))&& ( err >= 0 )' failed
As a workaround I would like to protect those groups from being
deleted/moved to ensure that they exist and the database does not crash.
But (write) access to their attributes still has to work. How do I allow
to modify attributes but not to delete the whole object?
2 ACLs, one with each possible attribute in the attribute line and the
rule that allows to write followed by one without an attribute line with
BTW: is anybody aware of a patch/fix for the upper problem (which would
obviously make my workaround obsolete)?