Attachment 1573930 Details for Bug 1714247 – ipv6

ipv6

766519.txt (text/plain), 3.55 KB, created by Viktor Ashirov on 2019-05-27 13:44:44 UTC

(hide)

Description:

Filename:

MIME Type:

Creator: Viktor Ashirov

Created: 2019-05-27 13:44:44 UTC

Size: 3.55 KB

patch

obsolete

>Root access (read) allowed on entry(dc=example,dc=com)
>acl_access_allowed - conn=1 op=25 (main): Allow write on entry(dc=example,dc=com): root user
>__aclp__sanity_check_acltxt - Normalized String:version 3.0; acl "IP aci";allow(all) userdn = "ldap:///uid=FULLIP_KEY,ou=IP,ou=Keywords,dc=example,dc=com" and ip = "*";
>__aclp__sanity_check_acltxt - Normalized String:version 3.0; acl "IP aci";allow(all) userdn = "ldap:///uid=FULLIP_KEY,ou=IP,ou=Keywords,dc=example,dc=com" and ip = "*";
>__acllist_add_aci - Added the ACL: "IP aci" to existing container:[1]dc=example,dc=com
>acl_access_allowed - #### conn=2 op=1 binddn="uid=fullip_key,ou=ip,ou=keywords,dc=example,dc=com"
>acllist_aciscan_update_scan - Searching AVL tree for update:ou=ip,ou=keywords,dc=example,dc=com: container:-1
>acllist_aciscan_update_scan - Searching AVL tree for update:ou=keywords,dc=example,dc=com: container:-1
>acllist_aciscan_update_scan - Searching AVL tree for update:dc=example,dc=com: container:1
>acllist_aciscan_update_scan - Searching AVL tree for update:dc=com: container:-1
>    ************ RESOURCE INFO STARTS *********
>    Client DN: uid=fullip_key,ou=ip,ou=keywords,dc=example,dc=com
>    resource type:256(write target_DN )
>    Slapi_Entry DN: ou=ip,ou=keywords,dc=example,dc=com
>    ATTR: seeAlso
>    rights:write
>    ************ RESOURCE INFO ENDS   *********
>acl__scan_for_acis - Using ACL Container:0 for evaluation
>***BEGIN ACL INFO[ Name: "Enable self write for common attributes"]***
>ACL Index:3   ACL_ELEVEL:7
>ACI type:(write target_attr acltxt allow_rule )
>ACI RULE type:(userdn )
>Slapi_Entry DN:dc=example,dc=com
>***END ACL INFO*****************************
>***BEGIN ACL INFO[ Name: "Directory Administrators Group"]***
>ACL Index:4   ACL_ELEVEL:6
>ACI type:(compare search read write delete add self target_attr acltxt allow_rule )
>ACI RULE type:(groupdn )
>Slapi_Entry DN:dc=example,dc=com
>***END ACL INFO*****************************
>***BEGIN ACL INFO[ Name: "IP aci"]***
>ACL Index:15   ACL_ELEVEL:2
>ACI type:(compare search read write delete add self target_DN target_attr acltxt allow_rule )
>ACI RULE type:(userdn ip )
>Slapi_Entry DN:dc=example,dc=com
>***END ACL INFO*****************************
>acl__scan_for_acis - Num of ALLOW Handles:3, DENY handles:0
>acl_access_allowed - Processed attr:seeAlso for entry:ou=ip,ou=keywords,dc=example,dc=com
>acl__TestRights - 1. Evaluating ALLOW aci(15) " "IP aci""
>DS_LASIpGetter - Returning client ip address 'fe80::f816:3eff:fe57:162f%eth0'
>acl__TestRights - 2. Evaluating ALLOW aci(4) " "Directory Administrators Group""
>aclg_get_usersGroup - ALLOCATING GROUP FOR:uid=fullip_key,ou=ip,ou=keywords,dc=example,dc=com
>acllas__user_ismember_of_group - Evaluating user uid=fullip_key,ou=ip,ou=keywords,dc=example,dc=com in group cn=Directory Administrators,dc=example,dc=com?
>acllas__user_ismember_of_group - Not in cn=Directory Administrators,dc=example,dc=com
>acllas__user_ismember_of_group - Not in cn=Directory Manager
>acllas__user_ismember_of_group - Adding Group (cn=Directory Manager) ParentGroup (cn=Directory Administrators,dc=example,dc=com) to the NOT IN GROUP List
>acllas__user_ismember_of_group - Adding Group (cn=Directory Administrators,dc=example,dc=com) ParentGroup (NULL) to the NOT IN GROUP List
>acl__TestRights - 3. Evaluating ALLOW aci(3) " "Enable self write for common attributes""
>print_access_control_summary - conn=2 op=1 (main): Deny write on entry(ou=ip,ou=keywords,dc=example,dc=com).attr(seeAlso) to uid=fullip_key,ou=ip,ou=keywords,dc=example,dc=com: no aci matched the subject by aci(3): aciname= "Enable self write for common attributes", acidn="dc=example,dc=com"
>

Actions: View

Attachments on bug 1714247: 1573929 | 1573930