Hi4All! :)
I notice that active RWM/Remap overlay affects ACL-subsystem when ACL checks access to pseudoatribute "entry" and this strange situation occurs even if i not use any rules for rewrite/remap. Нerewith without the loaded overlay RWM all works correctly... In debug mode slapd with active RWM (no rewrite rules!) deny all access to attribute entry except for "root" user
=> access_allowed: search access to "uid=akkerman,cn=Directory Server Admins,ou=Groups,dc=r2,dc=money,dc=ge,dc=com" "objectClass" requested <= test_filter 5 => acl_get: [13] attr entry => slap_access_allowed: result not in cache (entry) => acl_mask: access to entry "uid=akkerman,cn=Directory Server Admins,ou=Groups,dc=r2,dc=money,dc=ge,dc=com", attr "entry" requested => acl_mask: to all values by "", (none(=0)) <= check a_dn_pat: * <= acl_mask: [1] applying none(=0) (stop) <= acl_mask: [1] mask: none(=0) => slap_access_allowed: read access denied by none(=0)
This problem may be solved by adding radically liberate rule to the beginning of olcAccess sequence in cn=config: olcAccess: {1}to * attrs=entry by * read
Is it a bug?