Full_Name: Hallvard B Furuseth Version: HEAD OS: Linux URL: Submission from: (NULL) (193.157.200.213) Submitted by: hallvard
back-bdb, back-monitor: If attr A is ACL-protected and inherits from B, one can still check its value with ldapcompare ... 'B:value'. back-config: Compare doesn't seem to support attribute inheritance. root DSE, cn=subschema: Inheritance works correctly. ######## acl.conf include servers/slapd/schema/core.schema rootdse root.ldif access to attrs=st,cn by * none access to * by * read database bdb suffix o=foo directory acl.dir dbconfig set_flags DB_LOG_AUTOREMOVE database monitor database config access to * by * read ######## root.ldif dn: objectClass: extensibleObject st: hidden ######## slapadd: acl.ldif dn: o=foo objectClass: organization st: hidden ######## Results. cn=config should get TRUE, others UNDEFINED. ldapcompare -x cn=config name:config -> UNDEFINED, No such attribute (16) ldapcompare -x cn=config cn:config -> TRUE ldapcompare -x o=foo name:hidden -> TRUE ldapcompare -x o=foo st:hidden -> UNDEFINED, Insufficient access (50) ldapcompare -x cn=monitor name:monitor -> TRUE ldapcompare -x cn=monitor cn:monitor -> UNDEFINED, Insufficient access (50) ldapcompare -x '' name:hidden -> UNDEFINED, Insufficient access (50) ldapcompare -x '' cn:hidden -> UNDEFINED, Insufficient access (50) ldapcompare -x cn=subschema cn:subschema ->UNDEFINED,Insufficient access (50) ldapcompare -x cn=subschema name:subschema ->UNDEFINED,Insufficient access (50)
