Bug 177731 - Set access rules not working in OpenLDAP 2.2.13
Summary: Set access rules not working in OpenLDAP 2.2.13
Status: CLOSED ERRATA
Alias: None
Product: Red Hat Enterprise Linux 4
Classification: Red Hat
Component: openldap   
(Show other bugs)
Version: 4.0
Hardware: All
OS: Linux
medium
medium
Target Milestone: ---
: ---
Assignee: Jan Safranek
QA Contact: Jay Turner
URL:
Whiteboard:
Keywords:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2006-01-13 16:14 UTC by Mickaël Guessant
Modified: 2015-01-08 00:11 UTC (History)
1 user (show)

Fixed In Version: RHBA-2007-0739
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2007-11-15 16:03:54 UTC
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)
Backport set rules to OpenLDAP 2.2.13 (772 bytes, patch)
2006-01-13 16:15 UTC, Mickaël Guessant
no flags Details | Diff
New spec file for ACL set patch (46.45 KB, text/plain)
2006-01-13 16:18 UTC, Mickaël Guessant
no flags Details


External Trackers
Tracker ID Priority Status Summary Last Updated
Red Hat Product Errata RHBA-2007:0739 normal SHIPPED_LIVE openldap bug fix update 2007-11-14 17:01:29 UTC

Description Mickaël Guessant 2006-01-13 16:14:07 UTC
From Bugzilla Helper:
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; fr; rv:1.8) Gecko/20051111 Firefox/1.5

Description of problem:
Set based access rules are not working with current OpenLDAP version packaged in RHEL4 (2.2.13-4), they are simply ignored.

For example, the following rule does not work :
access to dn.regex="[^,]+,ou=functions,(.+),dc=root$"
  attrs=mobile
  by set="user/fullAccess & [TRUE]" read

This bug was fixed in the official OpenLDAP 2.2.16 release, 
in the servers/slapd/sets.c file, see :
http://www.openldap.org/devel/cvsweb.cgi/servers/slapd/sets.c.diff?r1=1.19&r2=1.20&hideattic=1&sortbydate=0&f=h

I backported this patch in OpenLDAP 2.2.13 and rebuilt the RPM. We checked
that this new RPM actually fixes the issue.

See attached file for exact patch content.




Version-Release number of selected component (if applicable):
openldap-2.2.13-4

How reproducible:
Always

Steps to Reproduce:
1.
2.
3.
  

Additional info:

Comment 1 Mickaël Guessant 2006-01-13 16:15:34 UTC
Created attachment 123167 [details]
Backport set rules to OpenLDAP 2.2.13

Comment 2 Mickaël Guessant 2006-01-13 16:18:03 UTC
Created attachment 123168 [details]
New spec file for ACL set patch

Comment 3 RHEL Product and Program Management 2007-05-30 08:24:14 UTC
This request was evaluated by Red Hat Product Management for inclusion in a Red
Hat Enterprise Linux maintenance release.  Product Management has requested
further review of this request by Red Hat Engineering, for potential
inclusion in a Red Hat Enterprise Linux Update release for currently deployed
products.  This request is not yet committed for inclusion in an Update
release.

Comment 9 errata-xmlrpc 2007-11-15 16:03:54 UTC
An advisory has been issued which should help the problem
described in this bug report. This report is therefore being
closed with a resolution of ERRATA. For more information
on the solution and/or where to find the updated files,
please follow the link below. You may reopen this bug report
if the solution does not work for you.

http://rhn.redhat.com/errata/RHBA-2007-0739.html



Note You need to log in before you can comment on or make changes to this bug.