Hi4All! :)

I noticed that an active RWM/Remap overlay affects the ACL subsystem when the ACL checks access to the pseudo-attribute "entry", and this strange situation occurs even if I do not use any rules for rewrite/remap. At the same time, without the RWM overlay loaded everything works correctly... In debug mode, slapd with RWM active (no rewrite rules!) denies all access to the attribute entry except for the "root" user:

=> access_allowed: search access to "uid=akkerman,cn=Directory Server Admins,ou=Groups,dc=r2,dc=money,dc=ge,dc=com" "objectClass" requested
<= test_filter 5
=> acl_get: [13] attr entry
=> slap_access_allowed: result not in cache (entry)
=> acl_mask: access to entry "uid=akkerman,cn=Directory Server Admins,ou=Groups,dc=r2,dc=money,dc=ge,dc=com", attr "entry" requested
=> acl_mask: to all values by "", (none(=0))
<= check a_dn_pat: *
<= acl_mask: [1] applying none(=0) (stop)
<= acl_mask: [1] mask: none(=0)
=> slap_access_allowed: read access denied by none(=0)

This problem may be solved by adding a radically liberal rule to the beginning of the olcAccess sequence in cn=config:
olcAccess: {1}to * attrs=entry by * read

Is it a bug?
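
As an added example (not part of the original post and not OpenLDAP code), this small Python parser turns the ACL trace quoted above into structured denial records, showing which attribute, which rule and which bound DN produced the denial. Reading the bracketed numbers as the matched ACL index and the "by" clause index, and the quoted string after "by" as the requester's bound DN, is an assumption about slapd's trace format; the function and field names are hypothetical.

```python
import re

# Trace lines copied from the post above (slapd ACL debug output).
TRACE = '''\
=> access_allowed: search access to "uid=akkerman,cn=Directory Server Admins,ou=Groups,dc=r2,dc=money,dc=ge,dc=com" "objectClass" requested
<= test_filter 5
=> acl_get: [13] attr entry
=> slap_access_allowed: result not in cache (entry)
=> acl_mask: access to entry "uid=akkerman,cn=Directory Server Admins,ou=Groups,dc=r2,dc=money,dc=ge,dc=com", attr "entry" requested
=> acl_mask: to all values by "", (none(=0))
<= check a_dn_pat: *
<= acl_mask: [1] applying none(=0) (stop)
<= acl_mask: [1] mask: none(=0)
=> slap_access_allowed: read access denied by none(=0)
'''

GET = re.compile(r'=> acl_get: \[(?P<acl>\d+)\] attr \S+')
REQ = re.compile(r'=> acl_mask: access to entry "(?P<dn>[^"]*)", attr "(?P<attr>[^"]*)" requested')
WHO = re.compile(r'=> acl_mask: to .* by "(?P<who>[^"]*)"')
APPLY = re.compile(r'<= acl_mask: \[(?P<clause>\d+)\] applying \S+')
DENY = re.compile(r'=> slap_access_allowed: (?P<level>\w+) access denied by (?P<mask>\S+)')

def parse_denials(trace):
    """Return one record per 'access denied' decision found in the trace."""
    denials, ctx = [], {}
    for line in trace.splitlines():
        if m := GET.search(line):
            ctx = {"acl": int(m["acl"])}          # a new ACL was selected: fresh context
        elif m := REQ.search(line):
            ctx.update(dn=m["dn"], attr=m["attr"])
        elif m := WHO.search(line):
            ctx["who"] = m["who"]                 # assumed: bound DN, "" when empty
        elif m := APPLY.search(line):
            ctx["clause"] = int(m["clause"])      # assumed: index of the matching "by" clause
        elif m := DENY.search(line):
            denials.append({**ctx, "level": m["level"], "mask": m["mask"]})
            ctx = {}
    return denials

if __name__ == "__main__":
    for d in parse_denials(TRACE):
        who = d.get("who") or "<empty DN>"
        print(f'{d["level"]} on attr "{d.get("attr")}" denied for {who}: '
              f'ACL [{d.get("acl")}], clause [{d.get("clause")}], mask {d["mask"]}')
```

Comparing these records from a run with the overlay loaded against a run without it shows whether the "by" identity or the matched rule differs between the two.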
