daniel@pluta.biz wrote:

Full_Name: Daniel Pluta Version: MASTER OS: Linux URL: ftp://ftp.openldap.org/incoming/ Submission from: (NULL) (2001:470:9feb:ff03:4dbf:1141:9dad:2f88)

It seems to me, that the following acl statement isn't correctly unparsed within aclparse.c:

to dn.base="ou=persons,o=test" attrs=seeAlso val/distinguishedNameMatch="" by users read

Starting slapd using loglevel 128 reports:

Backend ACL: access to dn.base="ou=persons,o=test" attrs=seeAlso by users read

I would have expected:

Backend ACL: access to dn.base="ou=persons,o=test" attrs=seeAlso val/distinguishedNameMatch="" by users read

As the empty DN is empty, the problem seems to be located in aclparse.c's acl_unparse()'s statement

if ( !BER_BVISEMPTY( &a->acl_attrval ) )

or even in the parse_acl() flagless spliting into left and right.

Sounds right. Thanks for the report, fixed in master.