
Openldap Aci Problem



 Hello!
        I am a new user of OpenLDAP. I am running openldap-2.2.13 on Debian,
 and I have compiled it using the following sequence:

        #./configure --disable-bdb --enable-ldbm --with-ldbm-api=gdbm
 --enable-crypt --enable-aci=yes
 --prefix=/home/bhavesh/tmp/deleteme/
        #make depend

        #make

        #make install

        Then I made changes in slapd.conf, such as "database ldbm",
        and my slapd.conf now looks like this:

 loglevel    2
 include     /usr/local/ldap/etc/openldap/schema/core.schema
 include     /usr/local/ldap/etc/openldap/schema/cosine.schema
 include     /usr/local/ldap/etc/openldap/schema/inetorgperson.schema
 include     /usr/local/ldap/etc/openldap/schema/nis.schema

 pidfile     /tmp/try//var/run/slapd.pid
 argsfile    /tmp/try//var/run/slapd.args

 database    ldbm
 suffix      "dc=lan,dc=deeproot,dc=co,dc=in"
 #rootdn     "cn=admin,dc=lan,dc=deeproot,dc=co,dc=in"
 #rootpw     admin
 rootdn      "uid=easypush,ou=people,dc=lan,dc=deeproot,dc=co,dc=in"
 rootpw      easypush
 #directory  /usr/local/ldap/var/openldap-ldbm
 directory   /home/bhavesh/tmp/try/var/openldap-data

 index       objectClass eq


 access to *
     by aci write
     by * none

            I have followed the sequence from the following reference:
 http://www.openldap.org/faq/data/cache/634.html

 All the LDIF entries that I have added to my server are:

 dn: dc=lan,dc=deeproot,dc=co,dc=in
 o: deeproot
 dc: lan
 objectClass: top
 objectClass: organization
 objectClass: dcObject

 dn: ou=addressBook,dc=lan,dc=deeproot,dc=co,dc=in
 ou: addressBook
 objectClass: top
 objectClass: organizationalUnit

 dn: ou=People,dc=lan,dc=deeproot,dc=co,dc=in
 ou: People
 objectClass: top
 objectClass: organizationalUnit

 dn: ou=addressBook1,dc=lan,dc=deeproot,dc=co,dc=in
 ou: addressBook1
 objectClass: top
 objectClass: organizationalUnit

 dn: uid=bhavesh,dc=lan,dc=deeproot,dc=co,dc=in
 uid: bhavesh
 objectClass: organizationalUnit
 objectClass: uidObject
 ou: Deeproot

 dn: uid=bhavesh1,dc=lan,dc=deeproot,dc=co,dc=in
 uid: bhavesh1
 userPassword:: e0NSWVBUfXJmV2dxbk8vcklKZlU=
 objectClass: top
 objectClass: account
 objectClass: simpleSecurityObject

 dn: uid=bhavesh2,dc=lan,dc=deeproot,dc=co,dc=in
 uid: bhavesh2
 userPassword:: e0NSWVBUfURGSTVpd00vaDl2RU0=
 objectClass: top
 objectClass: account
 objectClass: simpleSecurityObject

 dn: uid=bhavesh3,dc=lan,dc=deeproot,dc=co,dc=in
 uid: bhavesh3
 userPassword:: e0NSWVBUfVY5ZUo2TzRGV0I2akE=
 objectClass: top
 objectClass: account
 objectClass: simpleSecurityObject
 OpenLDAPaci:1#entry#grant;r,w,s,c;[all]#access-id#uid=bhavesh1,dc=lan,dc=deeproot,dc=co,dc=in


      All these entries were added successfully, but what I want is that
 the entry dn: uid=bhavesh3,dc=lan,dc=deeproot,dc=co,dc=in is
 accessible only by dn: uid=bhavesh1,dc=lan,dc=deeproot,dc=co,dc=in,
 so I have added the ACI to the last entry.

 But when I do

 #ldapsearch -b "dc=lan,dc=deeproot,dc=co,dc=in" -D
 "uid=bhavesh2,dc=lan,dc=deeproot,dc=co,dc=in" -W


 # extended LDIF
 #
 # LDAPv3
 # base <uid=bhavesh3,dc=lan,dc=deeproot,dc=co,dc=in> with scope sub
 # filter: (objectclass=*)
 # requesting: ALL
 #

 # bhavesh3, lan.deeproot.co.in
 dn: uid=bhavesh3,dc=lan,dc=deeproot,dc=co,dc=in
 uid: bhavesh3
 userPassword:: e0NSWVBUfVY5ZUo2TzRGV0I2akE=
 objectClass: top
 objectClass: account
 objectClass: simpleSecurityObject

 # search result
 search: 2
 result: 0 Success

 # numResponses: 2
 # numEntries: 1

 Then the entry dn: uid=bhavesh3,dc=lan,dc=deeproot,dc=co,dc=in is
 readable by user bhavesh2, which should not happen.

        Please help me if you find any step missing or wrong in the given
 sequence.

  Bhavesh.
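As an added example (not from the post and not OpenLDAP's own evaluator), a small Python model of the OpenLDAPaci value format used above (oid#scope#rights#type#subject). It shows that the posted value names only uid=bhavesh1 as its subject, so with "by aci write / by * none" the expected outcome is that bhavesh2 gets no read access; the function and class names are assumptions, and only the access-id and public subject types are modelled.

```python
from dataclasses import dataclass

# Simplified model of an OpenLDAPaci value: oid#scope#rights#type#subject,
# where rights is one or more "action;perms;attrs" clauses joined by "$".
@dataclass
class Aci:
    oid: str
    scope: str           # "entry" or "children"
    rights: list         # list of (action, set_of_perms, list_of_attrs)
    subject_type: str    # e.g. "access-id", "public"
    subject: str         # DN for access-id, empty for public


def normalize_dn(dn: str) -> str:
    """Case-fold and strip whitespace so DNs compare as the directory would."""
    return ",".join(part.strip().lower() for part in dn.split(","))


def parse_aci(value: str) -> Aci:
    oid, scope, rights, subject_type, subject = value.split("#", 4)
    clauses = []
    for clause in rights.split("$"):
        action, perms, attrs = clause.split(";")
        clauses.append((action, set(perms.split(",")), attrs.split(",")))
    return Aci(oid, scope, clauses, subject_type, subject)


def grants(aci: Aci, bind_dn: str, perm: str, attr: str = "[entry]") -> bool:
    """True if the ACI's subject matches bind_dn and a grant clause covers perm."""
    if aci.subject_type == "access-id":
        if normalize_dn(aci.subject) != normalize_dn(bind_dn):
            return False          # ACI names a different DN: it says nothing about us
    elif aci.subject_type != "public":
        return False              # group/self/dnattr/... not modelled here
    granted = False
    for action, perms, attrs in aci.rights:
        if perm in perms and ("[all]" in attrs or attr in attrs):
            if action == "deny":
                return False      # an explicit deny wins over any grant
            if action == "grant":
                granted = True
    return granted


# The ACI value from the post (constructed input for this example).
POSTED_ACI = parse_aci(
    "1#entry#grant;r,w,s,c;[all]#access-id#uid=bhavesh1,dc=lan,dc=deeproot,dc=co,dc=in"
)


def can_read(bind_dn: str, aci: Aci = POSTED_ACI) -> bool:
    return grants(aci, bind_dn, "r")
```

Under this model only bhavesh1 is granted read on the bhavesh3 entry, which is the behaviour the post expects.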