
Re: ACLs using dynlist overlay



On Monday, 02 March 2015 21:55 CET, Howard Chu <hyc@symas.com> wrote:

> Michael Ströder wrote:
> > Mattes wrote:
> >> Dear collected list wisdom,
> >>
> >> I'm trying to set up access control using membership in a dynamic list. I've activated the dynlist overlay and configured it like this:
> >>
> >> olcDlAttrSet: groupOfURLs memberURL member
> >>
> >> and installed an ACL:
> >>
> >> olcAccess: to dn.regex=".+,<some base>"
> >> by self read
> >> by group/groupOfURLs/member="<group DN>" search
> >>
> >> Browsing the directory I can see the member attributes being added to the
> >> group, but testing access with slapacl I encounter the following error:
> >>
> >> 54ef3976 => bdb_entry_get: found entry: "<group DN>"
> >> 54ef3976 <= bdb_entry_get: failed to find attribute member
> >>
> >> What am I doing wrong?
>
> In general, overlays don't take effect for the offline tools, they only function in slapd itself.

O.k., thanks, that makes a lot of sense. So, slapacl can only take static entries into consideration.
That leaves me with the following question: what tool to use to debug ACLs?

TIA Ralf Mattes