AbcLinuxu portal, 4 May 2025 02:12
access to dn.subtree="ou=my-users,dc=domain,dc=tld" attrs=entry,id,meno,priezvisko
    by dn.exact="uid=user1,ou=people,dc=domain,dc=tld" read
access to dn.subtree="ou=my-users,dc=domain,dc=tld" attrs=entry,id,heslo
    by dn.exact="uid=user2,ou=people,dc=domain,dc=tld" read
    by * none

Debug log for the case where user2 wants to access LDAP:
conn=1002 op=1 SRCH base="ou=my-users,dc=domain,dc=tld" scope=2 deref=0 filter="(&(ID=1234)(typ=1))"
conn=1002 op=1 SRCH attr=heslo
==> limits_get: conn=1002 op=1 self="uid=user2,ou=people,dc=domain,dc=tld" this="ou=my-users,dc=domain,dc=tld"
=> bdb_search
bdb_dn2entry("ou=my-users,dc=domain,dc=tld")
=> access_allowed: search access to "ou=my-users,dc=domain,dc=tld" "entry" requested
=> dn: [1] ou=my-users,dc=domain,dc=tld
=> acl_get: [1] matched
=> acl_get: [1] attr entry
=> acl_mask: access to entry "ou=my-users,dc=domain,dc=tld", attr "entry" requested
=> acl_mask: to all values by "uid=user2,ou=people,dc=domain,dc=tld", (=0)
<= check a_dn_pat: uid=user1,ou=people,dc=domain,dc=tld
<= acl_mask: no more <*who*> clauses, returning =0 (stop)
=> slap_access_allowed: search access denied by =0
=> access_allowed: no more rules
send_ldap_result: conn=1002 op=1 p=3
send_ldap_result: err=32 matched="" text=""
send_ldap_response: msgid=2 tag=101 err=32
Solution to the question:
access to dn.subtree="ou=my-users,dc=domain,dc=tld" attrs=entry,id
    by dn.exact="uid=user2,ou=people,dc=domain,dc=tld" read
    by dn.exact="uid=user1,ou=people,dc=domain,dc=tld" read
    by * none
access to dn.subtree="ou=my-users,dc=domain,dc=tld" attrs=meno,priezvisko
    by dn.exact="uid=user1,ou=people,dc=domain,dc=tld" read
    by * none
access to dn.subtree="ou=my-users,dc=domain,dc=tld" attrs=heslo
    by dn.exact="uid=user2,ou=people,dc=domain,dc=tld" read
    by * none
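
The log above shows slapd matching directive [1] for the pseudo-attribute "entry", finding no "by" clause for user2 there and stopping, so the second directive is never consulted. The Python model below is an added example, not part of the original thread or of OpenLDAP; it covers only the constructs used in these ACLs (dn.subtree, attrs=, dn.exact, "*", read/none), and the function names are hypothetical.

```python
# Added illustration: a minimal model of slapd's first-match ACL selection.
# Not OpenLDAP code; levels are simplified to "read" and "none".

BASE = "ou=my-users,dc=domain,dc=tld"
USER1 = "uid=user1,ou=people,dc=domain,dc=tld"
USER2 = "uid=user2,ou=people,dc=domain,dc=tld"

# Each rule: (subtree, attrs, [(who, level), ...]) in configuration order.
ORIGINAL = [
    (BASE, {"entry", "id", "meno", "priezvisko"}, [(USER1, "read")]),
    (BASE, {"entry", "id", "heslo"}, [(USER2, "read"), ("*", "none")]),
]
FIXED = [
    (BASE, {"entry", "id"}, [(USER2, "read"), (USER1, "read"), ("*", "none")]),
    (BASE, {"meno", "priezvisko"}, [(USER1, "read"), ("*", "none")]),
    (BASE, {"heslo"}, [(USER2, "read"), ("*", "none")]),
]

def in_subtree(dn, base):
    """dn.subtree matches the base entry itself and everything below it."""
    dn, base = dn.lower(), base.lower()
    return dn == base or dn.endswith("," + base)

def access_level(rules, who, target_dn, attr):
    """Return the level `who` gets for `attr` of `target_dn`."""
    for subtree, attrs, by_clauses in rules:
        if not in_subtree(target_dn, subtree) or attr.lower() not in attrs:
            continue  # this <what> does not match, try the next directive
        # The first matching <what> decides; later directives are ignored.
        for subject, level in by_clauses:
            if subject == "*" or subject.lower() == who.lower():
                return level
        return "none"  # implicit "by * none" closes every directive
    return "none"      # implicit "access to * by * none" closes the list

if __name__ == "__main__":
    for name, rules in (("original", ORIGINAL), ("fixed", FIXED)):
        for who in (USER1, USER2):
            row = {a: access_level(rules, who, BASE, a)
                   for a in ("entry", "id", "meno", "heslo")}
            print(name, who.split(",")[0], row)
```

With the original rules user2 is allowed to read "heslo" but not "entry", and without access to "entry" the search ends with err=32, as in the log.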
ISSN 1214-1267, (c) 1999-2007 Stickfish s.r.o.