Full_Name: Rein Tollevik Version: 2.4.10 (CVS head) OS: linux, solaris URL: ftp://ftp.openldap.org/incoming/ Submission from: (NULL) (84.215.2.34) Submitted by: rein

Access control rules that uses connection data are evaluated using the wrong connection structure. The problem is in syncprov_matchop() where it around line 1233 assigns:

op2.o_hdr = op->o_hdr;

This causes ACL rules to be tested against the connection that made the change, not the syncrepl connection. It should retain the value from ss->s_op.

Rein Tollevik Basefarm AS