ACL sockurl syntax (ITS#3050)



Full_Name: Jim Campbell
Version: 2.2.8
OS: Solaris 8
URL: ftp://ftp.openldap.org/incoming/
Submission from: (NULL) (147.188.40.2)


Hi,
With 2.2.8 has there been a change in the ACL syntax:
access to *
        by sockurl="^ldapi:///$" write
as I now get permission denied from my Heimdal connection.
If I use:
access to *
        by sockurl="^ldapi:///$" write
        by sockname="PATH=/var/opt/OPENldap/run/ldapi" write
Then it passes through the first check and succeeds with the second:
=> acl_mask: access to entry "ou=KerberosPrincipals,dc=NP,dc=PH,dc=BHAM,dc=AC,dc=UK", attr "children" requested
=> acl_mask: to all values by "", (=n) 
<= check a_sockurl_pat: ^ldapi:///$
<= check a_sockname_path: PATH=/var/opt/OPENldap/run/ldapi
<= acl_mask: [2] applying write(=wrscx) (stop)
<= acl_mask: [2] mask: write(=wrscx)
=> access_allowed: write access granted by write(=wrscx)
=> access_allowed: write access to "cn=krbtgt/np.ph.bham.ac.uk@np.ph.bham.ac.uk,ou=KerberosPrincipals,dc=NP,dc=PH,dc=BHAM,dc=AC,dc=UK" "entry" requested

This used to work in 2.1.x
cheers
Jim