[Date Prev][Date Next] [Chronological] [Thread] [Top]

ACL sockurl syntax (ITS#3050)

Full_Name: Jim Campbell
Version: 2.2.8
OS: Solaris 8
URL: ftp://ftp.openldap.org/incoming/
Submission from: (NULL) (

With 2.2.8 has there been a change in the ACL syntax:
access to *
        by sockurl="^ldapi:///$" write
as I now get permission denied from my Heimdal connection.
If I use:
access to *
        by sockurl="^ldapi:///$" write
        by sockname="PATH=/var/opt/OPENldap/run/ldapi" write
The it passes through first check and succeeds with second:
=> acl_mask: access to entry
=UK", attr "children" requested
=> acl_mask: to all values by "", (=n) 
<= check a_sockurl_pat: ^ldapi:///$
<= check a_sockname_path: PATH=/var/opt/OPENldap/run/ldapi
<= acl_mask: [2] applying write(=wrscx) (stop)
<= acl_mask: [2] mask: write(=wrscx)
=> access_allowed: write access granted by write(=wrscx)
=> access_allowed: write access to
ou=KerberosPrincipals,dc=NP,dc=PH,dc=BHAM,dc=AC,dc=UK" "entry" requested

This used to work in 2.1.x