ACL does not seem to work 1.0.8
Debian wheezy, fresh install under 1.0.7 then upgraded to 1.0.8.
A. In var/log/messages, I found (just after my login):
Aug 20 13:52:31 serveur apache2: FusionDirectory [adminfd]: (view) error: PHP error: ACL category 'phone' for classes 0,networkSettings has no definition (/usr/share/fusiondirectory/include/class_config.inc, line 1356)
Aug 20 13:52:31 serveur apache2: FusionDirectory [adminfd]: (view) error: PHP error: ACL category 'winstation' for classes 0,networkSettings has no definition (/usr/share/fusiondirectory/include/class_config.inc, line 1356)
Aug 20 13:52:31 serveur apache2: FusionDirectory [adminfd]: (security) login: User "adminfd" logged in successfully
B. I am trying to create an ACL to allow one specific user to read the userPassword attribute.
So:
- I go to "Rôles ACL", then Action - create - role. Base is /, the name is PasswordAccess. Then under the box ACL / click "add", then, under "user", I allow "read" on password and information. Then apply/apply/ok.
Log says : (create) cn=PasswordAccess,ou=aclroles,dc=blah,dc=lan of type plugin/aclRole objectClass,cn,gosaAclTemplate: Success
- I go to the menu ACL Assignment and edit the only existing entry, called "[ACL Assignment]".
I click Add and choose ACL type subtree and the PasswordAccess role. Then, below, I add the user "myuser".
var/log/messages : FusionDirectory [adminfd]: (modify) dc=blah,dc=lan of type plugin/aclAssignment gosaAclEntry: Success
If I test with
slapacl -D uid=myuser,ou=people,o=applications,dc=blah,dc=lan -b uid=anotheruser,ou=people,o=myorganisation,dc=blah,dc=lan "userPassword/read"
I get "read access to userPassword: DENIED". If I test with uid/read, I get "ALLOWED".
Am I doing something wrong, or is it linked to Bugs #3212 (closed)? (I don't have user expiration enabled.)
(from redmine: issue id 3288, created on 2014-08-20, closed on 2014-08-20)
- Custom Fields:
- Bug in version: 1.0.8