[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: Procedure going from search query to an acl

To: Marc Roos <M.Roos@f1-outsourcing.eu>, openldap-technical <openldap-technical@openldap.org>
Subject: Re: Procedure going from search query to an acl
From: Quanah Gibson-Mount <quanah@symas.com>
Date: Tue, 27 Aug 2019 09:01:02 -0700
Content-disposition: inline
In-reply-to: <"H00000710014d4b2.1566920157.sx.f1-outsourcing.eu*"@MHS>
References: <"H00000710014d4b2.1566920157.sx.f1-outsourcing.eu*"@MHS>

--On Tuesday, August 27, 2019 6:35 PM +0200 Marc Roos<M.Roos@f1-outsourcing.eu> wrote:


I have client that coredumps with these acl's. When I remove them, the
client is getting data from the ldap server and I can see the queries it
is doing on the server. I thougt the lines below would give access to
ou=Services and below by test, but I guess not.


The client core dumps?  Sounds like a serious bug in the client.

I guess I should grep the log for the acl_mask entries not? What would
be an adviced procedure to do this? I also do not want to get a huge
list of acls for just one client type. Everything below
"ou=Services,dc=example,dc=local" is test to read. (No password
attributes stored there)

You could use the slapacl command perhaps? I'm not quite sure what you'reasking for here.


--Quanah



--

Quanah Gibson-Mount
Product Architect
Symas Corporation
Packaged, certified, and supported LDAP solutions powered by OpenLDAP:
<http://www.symas.com>

References:
- Procedure going from search query to an acl
  - From: "Marc Roos" <M.Roos@f1-outsourcing.eu>

Prev by Date: Procedure going from search query to an acl
Next by Date: Re: Dynamic ACL in OpenLDAP with set:expand not working
Index(es):
- Chronological
- Thread