dieter@dkluenter.de wrote:
Full_Name: Dieter Version: HEAD OS: Linux URL: ftp://ftp.openldap.org/incoming/ Submission from: (NULL) (84.142.238.55)
Hello, test046 fails due to insufficient access.
slapd.1.log:
==> bdb_add: cn=Meeting,ou=Groups,dc=example,dc=com oc_check_required entry (cn=Meeting,ou=Groups,dc=example,dc=com), objectClass "g roupOfNames" oc_check_required entry (cn=Meeting,ou=Groups,dc=example,dc=com), objectClass "d ynamicObject" oc_check_allowed type "objectClass" oc_check_allowed type "cn" oc_check_allowed type "member" oc_check_allowed type "entryTtl" oc_check_allowed type "entryExpireTimestamp" oc_check_allowed type "structuralObjectClass" bdb_dn2entry("cn=meeting,ou=groups,dc=example,dc=com") => bdb_dn2id("cn=meeting,ou=groups,dc=example,dc=com") <= bdb_dn2id: get failed: DB_NOTFOUND: No matching key/data pair found (-30989) dnMatch 0 "cn=bjorn jensen,ou=information technology division,ou=people,dc=example ,dc=com" "cn=bjorn jensen,ou=information technology division,ou=people,dc=example ,dc=com" bdb_add: no write access to attribute send_ldap_result: conn=21 op=1 p=3 send_ldap_result: err=50 matched="" text="no write access to attribute" send_ldap_response: msgid=2 tag=105 err=50 ber_flush2: 42 bytes to sd 13 conn=21 op=1 RESULT tag=105 err=50 text=no write access to attribute connection_get(13)
Looks like another side effect of checking write permission on attributes during add. At this point, I suspect we'd better add a configure switch that allows restore the old behavior. The switch could be removed as soon as obsolete, much like what occurred to schemacheck.
p.
Ing. Pierangelo Masarati OpenLDAP Core Team
SysNet s.r.l. via Dossi, 8 - 27100 Pavia - ITALIA http://www.sys-net.it ----------------------------------- Office: +39 02 23998309 Mobile: +39 333 4963172 Fax: +39 0382 476497 Email: ando@sys-net.it -----------------------------------