Re: Enforcing attribute ACL on add operations

3 Oct 2008


      Pierangelo Masarati ando@sys-net.it wrote:
...
I mean: test006 is broken now, we can no longer make test.  You should
check why the test is broken and try to fix it :)  Probably, according
to the old access rule, a user with "add" permission for entries is 
adding an entry without having "add" permission on all the attributes.
The culprit is the ACL on attrs=objectclass at the top of the file:
access         to attrs=objectclass
                    by * =rsc stop
If I change it that way, test006 passes:
access         to attrs=objectclass
               by dn.exact="cn=Bjorn Jensen,ou=Information Technology
Division,ou=People,dc=example,dc=com" add
                by * =rsc stop
Not sure it is a correct fix, through.
-- 
Emmanuel Dreyfus
http://hcpnet.free.fr/pubz
manu@netbsd.org

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

2006

Re: Enforcing attribute ACL on add operations