Re: Tests works fine - still not working when installed... - 2.3.7
- To: Quanah Gibson-Mount <quanah@stanford.edu>, openldap-software@OpenLDAP.org
- Subject: Re: Tests works fine - still not working when installed... - 2.3.7
- From: Olaf Beck <olaf_sc@yahoo.com>
- Date: Tue, 27 Sep 2005 09:50:22 -0700 (PDT)
- In-reply-to: <90DACB96A9EC8C86CF269E68@cadabra-dsl.stanford.edu>
Hello,
Still having the same problem even when the ACL is fixed (thanks for that one)
ber_scanf fmt ({miiiib) ber:
send_ldap_result: conn=1 op=1 p=3
send_ldap_result: err=2 matched="" text="invalid time limit"
send_ldap_response: msgid=2 tag=101 err=2
ber_flush: 32 bytes to sd 11
connection_get(11)
connection_get(11): got connid=1
connection_read(11): checking for input on id=1
ber_get_next
ber_get_next: tag 0x30 len 5 contents:
ber_get_next
ber_get_next on fd 11 failed errno=11 (Resource temporarily unavailable)
do_unbind
connection_closing: readying conn=1 sd=11 for close
connection_resched: attempting closing conn=1 sd=11
connection_close: conn=1 sd=11
Cheers Olaf
--- Quanah Gibson-Mount <quanah@stanford.edu> wrote:
>
>
> --On Monday, September 26, 2005 5:46 PM -0700 Olaf Beck <olaf_sc@yahoo.com> wrote:
>
> ># Sample Access Control
> ># Allow read access of root DSE
> ># Allow self write access
> ># Allow authenticated users read access
> ># Allow anonymous users to authenticate
> >#
> ># access to * by *
> > access to * by self write
> > access to * by * read
> > access to * by anonymous read
>
> You obviously don't understand ACL's, given the above. It looks to me like
> the server is acting exactly the way you told it to.
>
> ACL's are applied as they are encountered, and stop at the first matching
> ACL. That means the only ACL *ever* evaluated above is:
>
> access to * by self write
>
>
> I think what you *really* are looking for here is:
>
> access to *
>     by self write
>     by * read
>
>
> Which is the correct equivalent to what you wrote. Note that the above ACL
> set will expose user passwords if you have them in the database, so is not
> particularly secure.
>
> --Quanah
>
>
> --
> Quanah Gibson-Mount
> Principal Software Developer
> ITSS/Shared Services
> Stanford University
> GnuPG Public Key: http://www.stanford.edu/~quanah/pgp.html
>
> "These censorship operations against schools and libraries are stronger
> than ever in the present religio-political climate. They often focus on
> fantasy and sf books, which foster that deadly enemy to bigotry and blind
> faith, the imagination." -- Ursula K. Le Guin
>
>
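
Added example (not part of the original thread and not OpenLDAP code): a simplified Python model of the first-match rule described in the quoted reply, run against the three ACL lines from the question, the merged ACL from the reply, and a constructed variant that places a userPassword rule ahead of the catch-all. The function names, the DNs and the reduced set of access levels (none, auth, read, write) are assumptions made for the example.

```python
# Simplified model of slapd access evaluation. Only the levels
# none/auth/read/write and the <who> forms self/anonymous/users/* are modelled.

def who_matches(who, requester, target):
    """requester is a DN string, or None for an anonymous session."""
    if who == "*":
        return True
    if who == "anonymous":
        return requester is None
    if who == "users":
        return requester is not None
    if who == "self":
        return requester is not None and requester == target
    raise ValueError(f"unsupported <who>: {who}")

def evaluate(acl, attr, requester, target):
    """Return the access level granted to requester on target's attr."""
    for what, by_clauses in acl:
        if what != "*" and attr not in what:
            continue                      # this <what> does not cover the attribute
        for who, level in by_clauses:     # first matching <who> wins
            if who_matches(who, requester, target):
                return level
        return "none"                     # implicit trailing "by * none"; later rules never run
    return "none"                         # no <what> matched: implicit deny

# The three one-line rules from the original question.
ORIGINAL = [("*", [("self", "write")]),
            ("*", [("*", "read")]),
            ("*", [("anonymous", "read")])]

# The merged rule suggested in the reply.
MERGED = [("*", [("self", "write"), ("*", "read")])]

# Constructed hardening: a userPassword rule placed before the catch-all.
HARDENED = [({"userPassword"}, [("self", "write"), ("anonymous", "auth"), ("*", "none")]),
            ("*", [("self", "write"), ("*", "read")])]

ALICE = "uid=alice,dc=example,dc=com"     # constructed DNs
BOB = "uid=bob,dc=example,dc=com"

if __name__ == "__main__":
    for name, acl in [("original", ORIGINAL), ("merged", MERGED), ("hardened", HARDENED)]:
        print(name,
              "| anon cn:", evaluate(acl, "cn", None, ALICE),
              "| anon userPassword:", evaluate(acl, "userPassword", None, ALICE),
              "| bob on alice userPassword:", evaluate(acl, "userPassword", BOB, ALICE))
```

In this model the merged rule returns read on userPassword for every requester, which is the exposure the reply warns about; the constructed variant limits anonymous sessions to auth and other users to none on that attribute.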