Re: Trouble with authentication

Chris Irwin (cirwin@concept5.com)
Thu, 08 Aug 1996 16:58:24 -0400

Gordon Good wrote:
>
> Chris Irwin wrote:
>
> > I also tried an ldapmodify and get a sort of different error although
> > I thought that the last ACL should get a match on the 'to' field unlike
> > the trace output seems to indicate ?
> >
> > Any thoughts ?
>
> What happens if you temporarily turn off all the access control, and
> just use acls which allow users to write their own entries?
>
> This could be a DN normalization bug, e.g. somewhere the acl routines
> are comparing a normalized DN to a non-normalized DN and the compare
> fails. SO try something like (check this syntax, I'm doing it off the
> top of my head)
>
> access to *
> by self write
> by * read
>
> If that works, then try putting the fancy acls back in and making all
> the DNs in slapd.conf normalized (no spaces between DN components), e.g.
>
> cn=Christopher S Irwin, o=Concept Five Technologies, c=US
>
> is not normalized, while
>
> cn=Christopher S Irwin,o=Concept Five Technologies,c=US
>
> is normalized.
>
> If this fixes the problem, then it's a DN normalization bug in slapd.
>
> --
> Gordon Good (opinions expressed here are mine,
> Netscape Communications Corp. not necessarily my employer's)
> Mountain View, CA

Gordon,

That seems to be the problem !

Thanks,

Chris

-- 
Christopher S. Irwin
Concept Five Technologies, Inc.		Phone: 703-610-1920
7525 Colshire Drive			Fax:   703-610-1853
McLean Virginia 22102-7400		Email: cirwin@concept5.com