Hi,
I have upgraded from 2.3.43 to 2.4.22 on CentOS 5.5.
Everything works fine, except my ACLs don't work on the new version.
Strange results occur.
Has anything changed significantly in v2.4 ACLs in comparison to v2.3 ACLs?
For example, the following piece of code works as expected in v2.3 but
not in v2.4. If some user logs in and is a member of a GroupXAdmins
(where X = 1-6), he can't see the branch at all.
# Allow access to entries of the subtree
#
access to dn.sub="dc=12.11.10.in-addr.arpa,ou=dns1,dc=example,dc=com"
attrs="children,entry"
by group.exact="cn=Group1Admins,ou=Groups,dc=example,dc=com" write
by group.exact="cn=Group2Admins,ou=Groups,dc=example,dc=com" read
by group.exact="cn=Group3Admins,ou=Groups,dc=example,dc=com" read
by group.exact="cn=Group4Admins,ou=Groups,dc=example,dc=com" write
by group.exact="cn=Group5Admins,ou=Groups,dc=example,dc=com" read
by group.exact="cn=Group6Admins,ou=Groups,dc=example,dc=com" read
by dn.exact="uid=dnsauthusr,ou=System,dc=example,dc=gr" read
by * break
# Allow access to all attributes of the subtree
#
access to dn.sub="dc=12.11.10.in-addr.arpa,ou=dns1,dc=example,dc=com"
by group.exact="cn=Group1Admins,ou=Groups,dc=example,dc=com" write
by group.exact="cn=Group2Admins,ou=Groups,dc=example,dc=com" read
by group.exact="cn=Group3Admins,ou=Groups,dc=example,dc=com" read
by group.exact="cn=Group4Admins,ou=Groups,dc=example,dc=com" write
by group.exact="cn=Group5Admins,ou=Groups,dc=example,dc=com" read
by group.exact="cn=Group6Admins,ou=Groups,dc=example,dc=com" read
by dn.exact="uid=dnsauthusr,ou=System,dc=example,dc=com" read
where Groups are of the form:
dn: cn=Group1Admins,ou=Groups,dc=example,dc=com
objectClass: groupOfNames
cn: Group1Admins
member: uid=userx,ou=people,dc=example,dc=com
Please, help.
Nick