Markus Krause wrote:
Hi list!
I am using OpenLDAP 2.3.34-5.2 on a SLES10 server. In my LDAP database I am using the attribute "description" in some cases to store information which I do not want to be readable by everyone. To prevent it for all users but "admin" I use the following ACL entry in slapd.conf:

---- slapd.conf
access to attrs=description
    by dn="cn=Admin,o=test" write
    by group.exact="cn=Admingroup,ou=ACL,o=test" write
    by * none
---- slapd.conf

This works but denies access to all but admin and members of group admingroup.

Then I tried to set the following ACL which should only deny access to the description field in a subtree:

---- slapd.conf
access to dn.subtree="ou=people,o=test" attrs=description
    by dn="cn=Admin,o=test" write
    by group.exact="cn=Admingroup,o=test" write
    by * none
---- slapd.conf

This leads to a segmentation fault; the last lines of the debug output are:

--- slapd -d 65535
config_build_entry: "cn={9}misc"
config_build_entry: "olcDatabase={-1}frontend"
Segmentation fault

So I obviously am doing something very wrong!

How can I allow or deny access to some attributes in a specific subtree?

Thanks in advance for any hints!
You don't provide enough info to determine what's wrong. You should provide a stack backtrace (make sure you use a slapd compiled with debugging symbols and not stripped) and a complete (sanitized) slapd.conf.
p.
Ing. Pierangelo Masarati
OpenLDAP Core Team

SysNet s.r.l.
via Dossi, 8 - 27100 Pavia - ITALIA
http://www.sys-net.it
Office: +39 02 23998309
Mobile: +39 333 4963172
Email: pierangelo.masarati@sys-net.it