[Date Prev][Date Next] [Chronological] [Thread] [Top]

ACL problem with version 2.0.23

To: "'OpenLDAP-Software'" <openldap-software@OpenLDAP.org>
Subject: ACL problem with version 2.0.23
From: "Dale, Warren" <Dale.Warren@wcom.com.au>
Date: Tue, 7 May 2002 11:26:31 +0800

People,

I am belatedly upgrading from version 1.2.9 to version 2.0.23.
I am using Solaris 8.
I am having problems with my ACL specifications.

Here are the relevant lines from slapd.conf:
36  access to attr=userPassword
37      by dn="uid=Replicator,ou=Special Users,o=OzEmail,c=au" write
38      by dn="uid=Infranet,ou=Special Users,o=OzEmail,c=au" read

I started slapd with "-d 32767".
Listed below are two extracts from the output.

In lines 2-5 the ACL appears to have been accepted.
In lines 9-41 we see the results, with the failure on line 41.

Note particularly lines 35-39.
In lines 35-37 the DN's appear to match.
But they do not because "string" is empty. (Line 38). Why?

What have I done wrong?

HELP!

Sadly,
Warren.

 1  --------------------------------------------------
 2  line 38 (access to attr=userPassword by dn="uid=Replicator,ou=Special
Users,o=TheCompany,c=au" write by dn="uid=Accounting,ou=Special
Users,o=TheCompany,c=au" read)
 3  Global ACL: access to attrs=userPassword
 4      by dn.regex=uid=Replicator,ou=Special Users,o=TheCompany,c=au write
(=wrscx)
 5      by dn.regex=uid=Accounting,ou=Special Users,o=TheCompany,c=au read
(=rscx)
 6
 7  line 68 (defaultaccess none)
 8  --------------------------------------------------
 9  do_bind: version=3 dn="uid=Accounting,ou=Special
Users,o=TheCompany,c=au" method=128
10  conn=0 op=0 BIND dn="UID=ACCOUNTING,OU=SPECIAL USERS,O=THECOMPANY,C=AU"
method=128
11  ==> ldbm_back_bind: dn: uid=Accounting,ou=Special
Users,o=TheCompany,c=au
12  dn2entry_r: dn: "UID=ACCOUNTING,OU=SPECIAL USERS,O=THECOMPANY,C=AU"
13  => dn2id( "UID=ACCOUNTING,OU=SPECIAL USERS,O=THECOMPANY,C=AU" )
14  => ldbm_cache_open( "dn2id.dbb", 73, 600 )
15  ldbm_cache_open (blksize 8192) (maxids 2046) (maxindirect 5)
16  <= ldbm_cache_open (opened 0)
17  <= dn2id 5
18  => id2entry_r( 5 )
19  => ldbm_cache_open( "id2entry.dbb", 73, 600 )
20  ldbm_cache_open (blksize 8192) (maxids 2046) (maxindirect 5)
21  <= ldbm_cache_open (opened 1)
22  => str2entry
23  <= str2entry(uid=Accounting,ou=Special Users,o=TheCompany,c=AU) -> -1
(0xc29f8)
24  <= id2entry_r( 5 ) 0xc29f8 (disk)
25  => access_allowed: auth access to "uid=Accounting,ou=Special
Users,o=TheCompany,c=AU" "userPassword" requested
26  => acl_get: [1] check attr userPassword
27  <= acl_get: [1] acl uid=Accounting,ou=Special Users,o=TheCompany,c=AU
attr: userPassword
28  => acl_mask: access to entry "uid=Accounting,ou=Special
Users,o=TheCompany,c=AU", attr "userPassword" requested
29  => acl_mask: to all values by "", (=n)
30  <= check a_dn_pat: uid=Replicator,ou=Special Users,o=TheCompany,c=au
31  => string_expand: pattern:  uid=Replicator,ou=Special
Users,o=TheCompany,c=au
32  => string_expand: expanded: uid=Replicator,ou=Special
Users,o=TheCompany,c=au
33  => regex_matches: string:
34  => regex_matches: rc: 1 no matches
35  <= check a_dn_pat: uid=Accounting,ou=Special Users,o=TheCompany,c=au
36  => string_expand: pattern:  uid=Accounting,ou=Special
Users,o=TheCompany,c=au
37  => string_expand: expanded: uid=Accounting,ou=Special
Users,o=TheCompany,c=au
38  => regex_matches: string:
39  => regex_matches: rc: 1 no matches
40  <= acl_mask: no more <who> clauses, returning =n (stop)
41  => access_allowed: auth access denied by =n
42  --------------------------------------------------

Warren Dale -- WorldCom
* Email .. dale.warren@wcom.com.au

Follow-Ups:
- Re: ACL problem with version 2.0.23
  - From: Pierangelo Masarati <masarati@aero.polimi.it>

Prev by Date: RE: Multiple Objectclass in Backend SQL
Next by Date: Re: LDAP invalid credentials and ldap_sasl_interactive_bind_s
Index(es):
- Chronological
- Thread