Re: Error 18: Solaris 10 Native LDAP-Client

[Ralf Haferkamp <rhafer@suse.de>]

Am Dienstag 02 November 2010, 16:57:38 schrieb Benjamin Griese:
> Hello Ralf,
> 
> nice to know that someone from Novell is reading here, too.
> 
> Currently I have opened up a Service Request regarding this topic at
> Novells Suport Center and pointed that out as a Feature Request but
> also as problem I and other people have and are lookinf for a
> workaround.
The feature request is regarding build the overlays as dynamic modules, I 
guess? Yes that's something we are looking into as well. But for this 
special SSS/VLV issue there is already a fix in CVS which I we will most 
probably include in our packages. Changing from static overlays to 
dynamic overlays is unlikely to happen during the SLES11 timeframe I 
think (but we are getting off topic ...)
 
> Too bad I am really low experienced in building complex ACLs to filter
> stuff like this, maybe someone else is able to help us (James and me)
> to workaround that problem.
Something like this should work:

access to dn.base="" attrs=supportedControl
 val/objectIdentifierMatch=1.2.840.113556.1.4.473
 by * none
access to dn.base="" attrs=supportedControl
 val/objectIdentifierMatch=2.16.840.1.113730.3.4.9
 by * none

I just found out however that there seems to be a bug in the ACL code 
when the above ACL appear as the first ACL in the configuration :(. I am 
still trying to track down that problem. So please make sure to have 
another ACL before them (one that doesn't apply to the "supportedControl" 
Attribute of course). 

> I'll give it a shot and let you know if it's working or not. :)
Good luck.

Ralf

-- 
SUSE LINUX Products GmbH, GF: Markus Rex, HRB 16746 (AG Nuernberg)