https://bugs.openldap.org/show_bug.cgi?id=9800

          Issue ID: 9800
           Summary: ACL with set.expand in <who> clause does not work with
                    deref control
           Product: OpenLDAP
           Version: 2.6.1
          Hardware: All
                OS: All
            Status: UNCONFIRMED
          Keywords: needs_review
          Severity: normal
          Priority: ---
         Component: slapd
          Assignee: [email protected]
          Reporter: [email protected]
  Target Milestone: ---

This ACL returns correct values with a normal search requesting the attribute
sudoUser:

access to
  dn.subtree="ou=ae-dir"
  attrs=sudoUser
  val.regex="^%(.+)$"
    by set.expand="(user/-1 | user/aeSrvGroup)/aeLoginGroups & [ldap:///ou=ae-dir?entryDN?sub?(&(objectClass=aeGroup)(aeStatus=0)(cn=${v1}))]/entryDN" read
    by * none

But it does not work with a search like this using deref control:

ldapsearch -Q -E deref=aeVisibleSudoers:cn,sudoUser '(objectClass=aeSrvGroup)'

For completeness see docs and schema for aeSrvGroup:

https://www.ae-dir.com/docs.html#schema-oc-aeSrvGroup

https://code.stroeder.com/AE-DIR/ansible-ae-dir-server/src/branch/master/files/schema/ae-dir.schema#L429
