[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: strange regexp behaviour

To: Dieter Kluenter <dieter@dkluenter.de>, OpenLDAP Ml <openldap-technical@openldap.org>
Subject: Re: strange regexp behaviour
From: Michael Ströder <michael@stroeder.com>
Date: Sun, 14 Apr 2019 23:40:52 +0200
Content-language: en-US
In-reply-to: <878swcabq4.fsf@dkluenter.de>
References: <878swcabq4.fsf@dkluenter.de>
User-agent: Mozilla/5.0 (X11; Linux x86_64; rv:60.0) Gecko/20100101 Thunderbird/60.6.1

On 4/14/19 4:43 PM, Dieter Kluenter wrote:

I face a strange behaviour of a authz regexp. This is part of my
slapd.conf

authz-regexp "gidNumber=(.*)\+uidNumber=(.*),cn=peercred,cn=external,cn= auth"
  "ldap:///o=avci,c=de?dn?sub?(&(uidNumber=$2)(gidNumber=$1))"

The result of a ldapwhoami:

SASL/EXTERNAL authentication started
SASL username: gidNumber=100+uidNumber=1000,cn=peercred,cn=external,cn=auth
SASL SSF: 0
dn:gidNumber=100+uidNumber=1000,cn=peercred,cn=external,cn=auth

A result of search
ldapsearch -Y EXTERNAL -H ldapi:/// -b o=avci,c=de -s sub
"(&(gidNumber=100)(uidNumber=1000))" dn

dn: cn=Dieter Kluenter,ou=Partner,o=avci,c=de
result: 0 Success

This regexp has been working for ages, in fact it hasn't been changed
since Ando's first announcement.

Any idea what might have been changed?


Any change in your ACLs?

Maybe an ACL is now blocking auth access to entry
'cn=Dieter Kluenter,ou=Partner,o=avci,c=de'.

Ciao, Michael.

References:
- strange regexp behaviour
  - From: "Dieter Kluenter" <dieter@dkluenter.de>

Prev by Date: Re: changes in libldap?
Next by Date: Re: changes in libldap?
Index(es):
- Chronological
- Thread