[389-users] errors log - NSACLPlugin - acllas__client_match_URL:

Rich Megginson rmeggins at redhat.com
Fri Feb 1 19:20:58 UTC 2013


On 01/31/2013 09:17 AM, Picture Book wrote:
> After using dynamic group in ACL, I see the following messages in errors log
>
> 1.
> ldapsearch -h localhost -p 389 -D "uid=ttest,ou=people,ou=Test,dc=example,dc=com" -w sp -b "ou=people,ou=Test,dc=example,dc=com"
>
> [31/Jan/2013:10:53:36 -0500] NSACLPlugin - acllas__client_match_URL: url [ldap:///ou=special,ou=test,dc=example,dc=com??one?(&(objectclass=inetorgperson)(cn=*))] scope is onelevel but dn [ou=special,ou=test,dc=example,dc=com] is not a direct child of [ou=people,ou=test,dc=example,dc=com]
>
> 2.
> ldapsearch -h localhost -p 389 -D "uid=test11,ou=Test,dc=example,dc=com" -w sp -b "ou=people,ou=Test,dc=example,dc=com"
>
> [31/Jan/2013:10:58:12 -0500] NSACLPlugin - acllas__client_match_URL: url [ldap:///ou=special,ou=test,dc=example,dc=com??one?(&(objectclass=inetorgperson)(cn=*))] scope is onelevel but dn [ou=special,ou=test,dc=example,dc=com] is not a direct child of [ou=test,dc=example,dc=com]
>
> repeat search 1 & 2, acllas__client_match_URL error message doesn't repeat.
>
> 3.
> ldapsearch -h localhost -p 389 -D "uid=aclp,ou=special,ou=Test,dc=example,dc=com" -w sp -b "ou=people,ou=Test,dc=example,dc=com"
>
> no message in errors log

What platform?  What 389-ds-base version?
Not sure exactly what you're trying to do.

>
> This is the dynamic group:
>
> dn: cn=all special users,ou=special,ou=Test,dc=example,dc=com
> objectClass: groupofurls
> objectClass: groupofuniquenames
> objectClass: top
> cn: all special users
> memberURL: ldap:///ou=special,ou=test,dc=example,dc=com??one?(&(objectclass=
>   inetorgperson)(cn=*))
>
> This is the ACL
> dn: ou=people,ou=Test,dc=example,dc=com
> objectClass: organizationalunit
> objectClass: top
> ou: people
> aci: (targetattr = "*") (version 3.0;acl "special users";allow (all)(groupdn
>    = "ldap:///cn=all special users,ou=special,ou=Test,dc=example,dc=com");)
> createTimestamp: 20130131152507Z
>
> The following is the ldif export of the test setup
>
> version: 1
> dn: ou=Test,dc=example,dc=com
> objectClass: organizationalunit
> objectClass: top
> ou: Test
> createTimestamp: 20130123175104Z
> creatorsName: uid=admin,ou=Administrators,ou=TopologyManagement,o=NetscapeRo
>   ot
> entrydn: ou=test,dc=example,dc=com
> entryid: 10
> hasSubordinates: TRUE
> modifiersName: uid=admin,ou=Administrators,ou=TopologyManagement,o=NetscapeR
>   oot
> modifyTimestamp: 20130123175104Z
> nsUniqueId: 6428fe79-658511e2-9283c9b9-f4c01566
> numSubordinates: 5
> parentid: 1
> subschemaSubentry: cn=schema
>
> dn: cn=mygroup,ou=Test,dc=example,dc=com
> objectClass: groupofuniquenames
> objectClass: top
> cn: mygroup
> uniqueMember: uid=test11,ou=test,dc=example,dc=com
> createTimestamp: 20130123175116Z
> creatorsName: uid=admin,ou=Administrators,ou=TopologyManagement,o=NetscapeRo
>   ot
> entrydn: cn=mygroup,ou=test,dc=example,dc=com
> entryid: 11
> hasSubordinates: FALSE
> modifiersName: cn=referential integrity postoperation,cn=plugins,cn=config
> modifyTimestamp: 20130123182725Z
> nsUniqueId: 6428fe7a-658511e2-9283c9b9-f4c01566
> numSubordinates: 0
> parentid: 10
> subschemaSubentry: cn=schema
>
> dn: uid=test11,ou=Test,dc=example,dc=com
> objectClass: inetorgperson
> objectClass: organizationalPerson
> objectClass: person
> objectClass: top
> cn: test 1
> sn: 1
> givenName: test
> uid: test11
> userPassword:: e1NTSEF9QUNkS1NiOFVkOFJQSy9TeklGN2pCN2trblQvYWpkZjBwZy84c0E9P
>   Q==
> createTimestamp: 20130123175131Z
> creatorsName: uid=admin,ou=Administrators,ou=TopologyManagement,o=NetscapeRo
>   ot
> entrydn: uid=test11,ou=test,dc=example,dc=com
> entryid: 12
> hasSubordinates: FALSE
> modifiersName: uid=admin,ou=Administrators,ou=TopologyManagement,o=NetscapeR
>   oot
> modifyTimestamp: 20130131155727Z
> nsUniqueId: 6428fe7b-658511e2-9283c9b9-f4c01566
> numSubordinates: 0
> parentid: 10
> passwordGraceUserTime: 0
> subschemaSubentry: cn=schema
>
> dn: ou=people,ou=Test,dc=example,dc=com
> objectClass: organizationalunit
> objectClass: top
> ou: people
> aci: (targetattr = "*") (version 3.0;acl "special users";allow (all)(groupdn
>    = "ldap:///cn=all special users,ou=special,ou=Test,dc=example,dc=com");)
> createTimestamp: 20130131152507Z
> creatorsName: uid=admin,ou=Administrators,ou=TopologyManagement,o=NetscapeRo
>   ot
> entrydn: ou=people,ou=test,dc=example,dc=com
> entryid: 13
> hasSubordinates: TRUE
> modifiersName: uid=admin,ou=Administrators,ou=TopologyManagement,o=NetscapeR
>   oot
> modifyTimestamp: 20130131155032Z
> nsUniqueId: 55ac9901-6bba11e2-9283c9b9-f4c01566
> numSubordinates: 1
> parentid: 10
> subschemaSubentry: cn=schema
>
> dn: ou=groups,ou=Test,dc=example,dc=com
> objectClass: organizationalunit
> objectClass: top
> ou: groups
> createTimestamp: 20130131152521Z
> creatorsName: uid=admin,ou=Administrators,ou=TopologyManagement,o=NetscapeRo
>   ot
> entrydn: ou=groups,ou=test,dc=example,dc=com
> entryid: 14
> hasSubordinates: FALSE
> modifiersName: uid=admin,ou=Administrators,ou=TopologyManagement,o=NetscapeR
>   oot
> modifyTimestamp: 20130131152521Z
> nsUniqueId: 55ac9902-6bba11e2-9283c9b9-f4c01566
> numSubordinates: 0
> parentid: 10
> subschemaSubentry: cn=schema
>
> dn: ou=special,ou=Test,dc=example,dc=com
> objectClass: organizationalunit
> objectClass: top
> ou: special
> createTimestamp: 20130131152543Z
> creatorsName: uid=admin,ou=Administrators,ou=TopologyManagement,o=NetscapeRo
>   ot
> entrydn: ou=special,ou=test,dc=example,dc=com
> entryid: 15
> hasSubordinates: TRUE
> modifiersName: uid=admin,ou=Administrators,ou=TopologyManagement,o=NetscapeR
>   oot
> modifyTimestamp: 20130131152543Z
> nsUniqueId: 796fdf01-6bba11e2-9283c9b9-f4c01566
> numSubordinates: 2
> parentid: 10
> subschemaSubentry: cn=schema
>
> dn: uid=aclp,ou=special,ou=Test,dc=example,dc=com
> objectClass: inetorgperson
> objectClass: organizationalPerson
> objectClass: person
> objectClass: top
> cn: acl problem
> sn: problem
> givenName: acl
> uid: aclp
> userPassword:: e1NTSEF9dE1MR0F6bzhjcDJMb2JTN2FoMkZTcnE1RS9PTXg2S0FEUEtjMnc9P
>   Q==
> createTimestamp: 20130131152618Z
> creatorsName: uid=admin,ou=Administrators,ou=TopologyManagement,o=NetscapeRo
>   ot
> entrydn: uid=aclp,ou=special,ou=test,dc=example,dc=com
> entryid: 16
> hasSubordinates: FALSE
> modifiersName: uid=admin,ou=Administrators,ou=TopologyManagement,o=NetscapeR
>   oot
> modifyTimestamp: 20130131152854Z
> nsUniqueId: 796fdf02-6bba11e2-9283c9b9-f4c01566
> numSubordinates: 0
> parentid: 15
> passwordGraceUserTime: 0
> subschemaSubentry: cn=schema
>
> dn: cn=all special users,ou=special,ou=Test,dc=example,dc=com
> objectClass: groupofurls
> objectClass: groupofuniquenames
> objectClass: top
> cn: all special users
> memberURL: ldap:///ou=special,ou=test,dc=example,dc=com??one?(&(objectclass=
>   inetorgperson)(cn=*))
> createTimestamp: 20130131152806Z
> creatorsName: uid=admin,ou=Administrators,ou=TopologyManagement,o=NetscapeRo
>   ot
> entrydn: cn=all special users,ou=special,ou=test,dc=example,dc=com
> entryid: 17
> hasSubordinates: FALSE
> modifiersName: uid=admin,ou=Administrators,ou=TopologyManagement,o=NetscapeR
>   oot
> modifyTimestamp: 20130131155311Z
> nsUniqueId: c0f66b01-6bba11e2-9283c9b9-f4c01566
> numSubordinates: 0
> parentid: 15
> subschemaSubentry: cn=schema
>
> dn: uid=ttest,ou=people,ou=Test,dc=example,dc=com
> objectClass: inetorgperson
> objectClass: organizationalPerson
> objectClass: person
> objectClass: top
> cn: test test
> sn: test
> givenName: test
> uid: ttest
> userPassword:: e1NTSEF9VktyMVRzbHgxbVRJbGJJQlRnTXlRamVmREpHVE1nQk8yNnNucVE9P
>   Q==
> createTimestamp: 20130131152911Z
> creatorsName: uid=admin,ou=Administrators,ou=TopologyManagement,o=NetscapeRo
>   ot
> entrydn: uid=ttest,ou=people,ou=test,dc=example,dc=com
> entryid: 18
> hasSubordinates: FALSE
> modifiersName: uid=admin,ou=Administrators,ou=TopologyManagement,o=NetscapeR
>   oot
> modifyTimestamp: 20130131154252Z
> nsUniqueId: e4b9b101-6bba11e2-9283c9b9-f4c01566
> numSubordinates: 0
> parentid: 13
> passwordGraceUserTime: 0
> subschemaSubentry: cn=schema

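Added example, not part of the original thread and not 389-ds-base code: the three bind DNs from the post checked against the memberURL's base DN and one-level scope, which is the condition the logged message reports on. The function names are hypothetical, the scope rules are the standard LDAP URL ones (RFC 4516), and DN parsing is simplified (no escaped commas).

```python
# Added illustration of RFC 4516 LDAP URL scope rules; not 389-ds-base code.
# Function names are hypothetical. DN parsing is simplified (no escaped commas).

# Values copied from the post.
MEMBER_URL = ("ldap:///ou=special,ou=test,dc=example,dc=com"
              "??one?(&(objectclass=inetorgperson)(cn=*))")
BIND_DNS = [
    "uid=ttest,ou=people,ou=Test,dc=example,dc=com",   # search 1
    "uid=test11,ou=Test,dc=example,dc=com",            # search 2
    "uid=aclp,ou=special,ou=Test,dc=example,dc=com",   # search 3
]

def parse_dn(dn):
    """Split a DN into lower-cased RDNs so comparisons ignore case."""
    return [rdn.strip().lower() for rdn in dn.split(",") if rdn.strip()]

def parse_member_url(url):
    """Return (base_rdns, scope, filter) from ldap:///base?attrs?scope?filter."""
    prefix = "ldap:///"
    if not url.lower().startswith(prefix):
        raise ValueError("expected an ldap:/// URL")
    parts = url[len(prefix):].split("?")
    parts += [""] * (4 - len(parts))          # missing fields default to empty
    base, _attrs, scope, flt = parts[:4]
    return parse_dn(base), (scope or "base").lower(), flt

def in_scope(client_dn, url):
    """True when client_dn lies within the URL's base DN and scope."""
    base, scope, _filter = parse_member_url(url)
    client = parse_dn(client_dn)
    if scope == "base":
        return client == base
    if scope == "one":                         # client's parent must be the base
        return bool(client) and client[1:] == base
    if scope == "sub":
        return len(client) >= len(base) and client[len(client) - len(base):] == base
    raise ValueError("unknown scope: " + scope)

def check_bind_dns():
    """Map each bind DN from the post to its scope-check result."""
    return {dn: in_scope(dn, MEMBER_URL) for dn in BIND_DNS}

if __name__ == "__main__":
    for dn, ok in check_bind_dns().items():
        print(("in scope:     " if ok else "out of scope: ") + dn)
```

Being in scope is necessary but not sufficient for dynamic group membership: the URL's filter must also match the entry. In the posted LDIF, uid=aclp is an inetorgperson with a cn, so it satisfies both.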