Hi,
Sets in ACLs doesn't work for me. I have this short LDIF:
dn: uid=jj00001,ou=Users,dc=lm,dc=lt
changetype: modify
replace: lmPersonAuthCode
lmPersonAuthCode: 1
and this kind of ACL with minimal set:
{24}to dn.one="ou=Users,dc=lm,dc=lt" attrs=lmPersonAuthCode
by dn.exact="cn=import,ou=Apps,dc=lm,dc=lt" write
by dn.exact="cn=lm,ou=Apps,dc=lm,dc=lt" write
by set="users & [ok]" write
by * none
and this in the logs:
: => acl_mask: access to entry "uid=jj00001,ou=Users,dc=lm,dc=lt", attr
"lmPersonAuthCode" requested
: => acl_mask: to all values by "uid=mm00001,ou=users,dc=lm,dc=lt", (=0)
: <= check a_dn_pat: cn=import,ou=apps,dc=lm,dc=lt
: <= check a_dn_pat: cn=lm,ou=apps,dc=lm,dc=lt
: <= check a_dn_pat: *
: <= acl_mask: [3] applying none(=0) (stop)
: <= acl_mask: [3] mask: none(=0)
: => slap_access_allowed: delete access denied by none(=0)
Looks like set clause excluded from acl checks. What I'm doing wrong?
Sets will be expanded to do acls based on relationships.
OS: Debian
package: slapd
version: 2.4.31-1+nmu2
arch: amd64
--
Pagarbiai,
Nerijus Kislauskas
KTU ITD, Litnet valdymo centras
Studentu g. 48a - 101, Kaunas
tel.: (8~37) 30 06 45
mob. tel.: 8-614-93889
e-mail.: nerijus.kislauskas@ktu.lt
Attachment:
smime.p7s
Description: S/MIME Cryptographic Signature