Re: ACL Problem

[Selcuk Yazar]

hi,,

ok my new regex is

access to
dn.regex="(.*,ou=(.+),jvd=([^,]+),o=hosting,dc=myhosting,dc=example)"

this find my entry and at slapd.conf

access to
dn.regex="(.*,ou=(.+),jvd=([^,]+),o=hosting,dc=myhosting,dc=example)"
        attrs=userPassword
        by self write
        by users write
        by anonymous auth
        by * none

and output like below, still gives no access write error, why is this so
diffucult ?

selcuk


conn=1002 op=1 PASSMOD old new
bdb_dn2entry("mail=ede...@.......mail.........edu.tr
,ou=LOWER_CASE_SOME_UNIT,jvd=.......mail.........edu.tr
,o=hosting,dc=myhosting,dc=example")
=> bdb_entry_get: ndn: "mail=ede...@.......mail.........edu.tr
,ou=LOWER_CASE_SOME_UNIT,jvd=.......mail.........edu.tr
,o=hosting,dc=myhosting,dc=example"
=> bdb_entry_get: oc: "(null)", at: "userPassword"
bdb_dn2entry("mail=ede...@.......mail.........edu.tr
,ou=LOWER_CASE_SOME_UNIT,jvd=.......mail.........edu.tr
,o=hosting,dc=myhosting,dc=example")
=> bdb_entry_get: found entry: "mail=ede...@.......mail.........edu.tr
,ou=LOWER_CASE_SOME_UNIT,jvd=.......mail.........edu.tr
,o=hosting,dc=myhosting,dc=example"
bdb_entry_get: rc=0
=> access_allowed: result not in cache (userPassword)
=> access_allowed: auth access to "mail=ede...@.......mail.........edu.tr
,ou=SOME_UNIT,jvd=.......mail.........edu.tr,o=hosting,dc=myhosting,dc=example"
"userPassword" requested
daemon: activity on 1 descriptor
=> slap_access_allowed: backend default auth access granted to "mail=edergi@
.......mail.........edu.tr,ou=SOME_UNIT,jvd=.......mail.........edu.tr
,o=hosting,dc=myhosting,dc=example"
=> access_allowed: auth access granted by read(=rscxd)
=> bdb_entry_get: ndn: "mail=ede...@.......mail.........edu.tr
,ou=LOWER_CASE_SOME_UNIT,jvd=.......mail.........edu.tr
,o=hosting,dc=myhosting,dc=example"
=> bdb_entry_get: oc: "(null)", at: "(null)"
bdb_dn2entry("mail=ede...@.......mail.........edu.tr
,ou=LOWER_CASE_SOME_UNIT,jvd=.......mail.........edu.tr
,o=hosting,dc=myhosting,dc=example")
=> bdb_entry_get: found entry: "mail=ede...@.......mail.........edu.tr
,ou=LOWER_CASE_SOME_UNIT,jvd=.......mail.........edu.tr
,o=hosting,dc=myhosting,dc=example"
bdb_entry_get: rc=0
=> bdb_entry_get: ndn: "cn=default,ou=policies,dc=myhosting,dc=example"
=> bdb_entry_get: oc: "(null)", at: "(null)"
bdb_dn2entry("cn=default,ou=policies,dc=myhosting,dc=example")
=> bdb_entry_get: found entry:
"cn=default,ou=policies,dc=myhosting,dc=example"
bdb_entry_get: rc=0
bdb_modify: mail=ede...@.......mail.........edu.tr
,ou=SOME_UNIT,jvd=.......mail.........edu.tr
,o=hosting,dc=myhosting,dc=example
slap_queue_csn: queing 0x7f2bc6d441d0
20111220141330.053597Z#000000#000#000000
bdb_dn2entry("mail=ede...@.......mail.........edu.tr
,ou=LOWER_CASE_SOME_UNIT,jvd=.......mail.........edu.tr
,o=hosting,dc=myhosting,dc=example")
bdb_modify_internal: 0x00000015: mail=ede...@.......mail.........edu.tr
,ou=SOME_UNIT,jvd=.......mail.........edu.tr
,o=hosting,dc=myhosting,dc=example
 => access_allowed: backend default write access denied to "mail=edergi@
.......mail.........edu.tr,ou=SOME_UNIT,jvd=.......mail.........edu.tr
,o=hosting,dc=myhosting,dc=example"
bdb_modify: modify failed (50)





On Tue, Dec 20, 2011 at 1:21 PM, Martin Schuster (IFKL IT OS DS CD) <
martin.schust...@infineon.com> wrote:

> On 2011-12-20 11:02, Selcuk Yazar wrote:
> > [...]
> > (by the way how can i sure my regex match my entry, are the usefull regex
> > tool for check this.)
> > i chenged my regex
> > with dn.regex=".*,jvd=([^,]+),o=hosting,dc=myhosting,dc=example"
> >
> Quick'n'dirty: use perl:
>
> perl -n -e 'print $1 if /.*,jvd=([^,]+),/'
>
> hth,
> --
> Infineon Technologies IT-Services GmbH   martin.schust...@infineon.com
> Lakeside B05, 9020 Klagenfurt, Austria   Martin Schuster
>         FB: LG Klagenfurt, FN 246787y   +43 5 1777 3517
>
>


-- 
Selçuk YAZAR
http://www.selcukyazar.blogspot.com