Details

    • Bug
    • Status: Open
    • Major
    • Resolution: Unresolved
    • 2.0.0-M15
    • None
    • aci
    • FreeBSD 9.1-RELEASE-p6

    Description

      The following ACL does not do what I expected:

      {
        identificationTag "mtaAclElement",
        precedence 0,
        authenticationLevel simple,
        itemOrUserFirst userFirst:
        {
          userClasses
          {
            name { "cn=mta,dc=ip6,dc=li" }
          },
          userPermissions
          {
            {
              protectedItems
              {
                entry,
                attributeType { tsnetDomainName, tsnetMailHost, uid }
              },
              grantsAndDenials { grantBrowse, grantRead, grantReturnDN, grantCompare }
            }
          }
        }
      }

      This ACL should allow the DN cn=mta,dc=ip6,dc=li access to the attributes
      uid
      tsnetDomainName
      tsnetMailHost
      and to list all DN entries. A test (temporarily allowing it to list all
      attributes) proved that this ACL matches.

      But

      ldapsearch -H ldap://192.168.116.29:10389 -x -D "cn=mta,dc=ip6,dc=li" -w VerySecretPassword -b "dc=ip6,dc=li"

      lists DN entries only:

      # pug@felsing.net, freemail, ip6.li
      dn: uid=pug@felsing.net,ou=freemail,dc=ip6,dc=li
        ...

      Attributes listed on attributeType are not shown.

          People

            Unassigned Unassigned
            ip6li Christian Felsing