[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: ACL's for SASL compat.

To: "Kurt D. Zeilenga" <Kurt@OpenLDAP.org>
Subject: Re: ACL's for SASL compat.
From: Marc Heckmann <heckmann@hbesoftware.com>
Date: Tue, 10 Oct 2000 11:45:09 -0400
Cc: openldap-software@OpenLDAP.org
Content-disposition: inline
In-reply-to: <5.0.0.25.0.20001010082913.00a2e8f0@router.boolean.net>; from Kurt@OpenLDAP.org on Tue, Oct 10, 2000 at 08:30:08AM -0700
References: <5.0.0.25.0.20001004143821.00a69960@router.boolean.net> <20001006150945.D7227@hbesoftware.com> <5.0.0.25.0.20001006123019.00a3cbe0@router.boolean.net> <5.0.0.25.0.20001006163403.00a3a570@router.boolean.net> <39DF5193.7525A1F6@hbesoftware.com> <5.0.0.25.0.20001007114303.00a5d100@router.boolean.net> <20001010105315.G7227@hbesoftware.com> <5.0.0.25.0.20001010080445.00a3d810@router.boolean.net> <20001010112652.J7227@hbesoftware.com> <5.0.0.25.0.20001010082913.00a2e8f0@router.boolean.net>
User-agent: Mutt/1.2.5i

On Tue, Oct 10, 2000 at 08:30:08AM -0700, Kurt D. Zeilenga wrote:
> At 11:26 AM 10/10/00 -0400, Marc Heckmann wrote:
> >ok, how do I enable _all_ logging I have tried but haven't figured out how to get it all. 
> 
> slapd -d -1 ....
> 
ok,

	found it, it needs do have a double backslash: "by dn="uid=testuser\\+realm=schoenberg" write" for it to work.
This gives the following,

=> acl_mask: access to entry "uid=testuser,portalId=ADBE,ou=People,o=RedGorilla", attr "sn" requested
=> acl_mask: to value by "UID=TESTUSER+REALM=SCHOENBERG", (=n) 
<= check a_dn_pat: uid=testuser\+realm=schoenberg
=> string_expand: pattern:  uid=testuser\+realm=schoenberg
=> string_expand: expanded: uid=testuser\+realm=schoenberg
=> regex_matches: string:   UID=TESTUSER+REALM=SCHOENBERG
=> regex_matches: rc: 0 matches

with a single backslash, we get,

=> acl_mask: access to entry "uid=testuser,portalId=ADBE,ou=People,o=RedGorilla", attr "sn" requested
=> acl_mask: to value by "UID=TESTUSER+REALM=SCHOENBERG", (=n) 
<= check a_dn_pat: uid=testuser+realm=schoenberg
=> string_expand: pattern:  uid=testuser+realm=schoenberg
=> string_expand: expanded: uid=testuser+realm=schoenberg
=> regex_matches: string:   UID=TESTUSER+REALM=SCHOENBERG
=> regex_matches: rc: 1 no matches

	So the question is what is the intended behaviour?
-- 
	Marc Heckmann  -  Network Operations  
        HBE Software/Opendesk.Com
        heckmann@hbesoftware.com www.hbesoftware.com
        heckmann@opendesk.com www.opendesk.com
        Tel. (514) 876-7881 ext. 219
        Fax. (514) 876-9223

Follow-Ups:
- Re: ACL's for SASL compat.
  - From: "Kurt D. Zeilenga" <Kurt@OpenLDAP.org>

References:
- Re: ACL's for SASL compat.
  - From: "Kurt D. Zeilenga" <Kurt@OpenLDAP.org>
- Re: ACL's for SASL compat.
  - From: Marc Heckmann <heckmann@hbesoftware.com>
- Re: ACL's for SASL compat.
  - From: "Kurt D. Zeilenga" <Kurt@OpenLDAP.org>
- Re: ACL's for SASL compat.
  - From: Marc Heckmann <heckmann@hbesoftware.com>
- Re: ACL's for SASL compat.
  - From: "Kurt D. Zeilenga" <Kurt@OpenLDAP.org>
- Re: ACL's for SASL compat.
  - From: Marc Heckmann <heckmann@hbesoftware.com>
- Re: ACL's for SASL compat.
  - From: "Kurt D. Zeilenga" <Kurt@OpenLDAP.org>
- Re: ACL's for SASL compat.
  - From: Marc Heckmann <heckmann@hbesoftware.com>
- Re: ACL's for SASL compat.
  - From: "Kurt D. Zeilenga" <Kurt@OpenLDAP.org>

Prev by Date: Re: ldap-backend-sql
Next by Date: WinNT Authentication
Index(es):
- Chronological
- Thread