
    Details

    • Type: Bug
    • Status: Open
    • Priority: Major
    • Resolution: Unresolved
    • Affects Version/s: 2.0.0-M15
    • Fix Version/s: None
    • Component/s: aci
    • Labels:
    • Environment:
      FreeBSD 9.1-RELEASE-p6

      Description

      The following ACL does not do what I expected:

      {
        identificationTag "mtaAclElement",
        precedence 0,
        authenticationLevel simple,
        itemOrUserFirst userFirst:
        {
          userClasses
          {
            name { "cn=mta,dc=ip6,dc=li" }
          },
          userPermissions
          {
            {
              protectedItems
              {
                entry,
                attributeType { tsnetDomainName, tsnetMailHost, uid }
              },
              grantsAndDenials { grantBrowse, grantRead, grantReturnDN, grantCompare }
            }
          }
        }
      }

      This ACL should allow DN cn=mta,dc=ip6,dc=li access to the attributes

        uid
        tsnetDomainName
        tsnetMailHost

      and to list all DN entries. A test (temporarily allowing all
      attributes to be listed) proved that this ACL matches.

      But

      ldapsearch -H ldap://192.168.116.29:10389 -x -D "cn=mta,dc=ip6,dc=li" -w VerySecretPassword -b "dc=ip6,dc=li"

      lists DN entries only:

        # pug@felsing.net, freemail, ip6.li
        dn: uid=pug@felsing.net,ou=freemail,dc=ip6,dc=li
        ...

      The attributes listed in attributeType are not shown.
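
Added example, not part of the original report and not ApacheDS code: a Python check that parses captured ldapsearch output and reports, per DN, whether only the DN came back (the symptom above) and whether any attribute outside the ACI's attributeType list was returned. The sample output's second entry and the function names are constructed for illustration.

```python
import base64

# Attributes the ACI's attributeType item names (lowercased for comparison).
EXPECTED = frozenset({"uid", "tsnetdomainname", "tsnetmailhost"})

# Constructed sample of ldapsearch output; the first entry mirrors the report.
SAMPLE = """# extended LDIF
#
# LDAPv3

# pug@felsing.net, freemail, ip6.li
dn: uid=pug@felsing.net,ou=freemail,dc=ip6,dc=li

# user@example.org, freemail, ip6.li
dn: uid=user@example.org,ou=freemail,
 dc=ip6,dc=li
uid: user@example.org
tsnetMailHost: mail.example.org
userPassword:: e1NTSEF9Y29uc3RydWN0ZWQ=

# search result
search: 2
result: 0 Success
"""

def parse_ldif(text):
    """Return {dn: set of lowercased attribute names} from LDIF output."""
    lines = []
    for raw in text.splitlines():
        if raw.startswith(" ") and lines:   # RFC 2849 folded continuation line
            lines[-1] += raw[1:]
        else:
            lines.append(raw)
    entries, dn = {}, None
    for line in lines:
        if not line.strip():                # a blank line ends the current entry
            dn = None
            continue
        name, sep, rest = line.partition(":")
        if line.startswith("#") or not sep:
            continue
        if name.lower() == "dn":            # "dn::" carries a base64-encoded DN
            dn = (base64.b64decode(rest[1:].strip()).decode("utf-8")
                  if rest.startswith(":") else rest.strip())
            entries[dn] = set()
        elif dn is not None:                # ignores "search:" / "result:" trailer
            entries[dn].add(name.split(";")[0].lower())
    return entries

def audit(text, expected=EXPECTED):
    """Flag DN-only entries and attributes returned outside the allowlist."""
    return {dn: {"dn_only": not attrs,
                 "missing": sorted(expected - attrs),    # may be absent from the entry itself
                 "unexpected": sorted(attrs - expected)} # exposure beyond the ACI's list
            for dn, attrs in parse_ldif(text).items()}
```

Entries under "missing" are only a hint, since an entry may not carry every attribute; a non-empty "unexpected" list means the bind DN can read more than the ACI names.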

            People

            • Assignee:
              Unassigned
            • Reporter:
              ip6li Christian Felsing