2016-05-10 6 views
0

Why does slapd not grant write access to my bind DN?

I have the following access rights in my "slapd.conf":

access to attrs=uid,userPassword
    by dn.one="cn=Dovecot Server,ou=people,dc=johannesgemeinde-berlin,dc=de" search
    by dn.one="cn=SOGo Admin,ou=people,dc=johannesgemeinde-berlin,dc=de" read
    by self write
    by anonymous auth
    by * none

access to attrs=mail
    by dn.one="cn=Dovecot Server,ou=people,dc=johannesgemeinde-berlin,dc=de" read
    by self write
    by anonymous auth
    by * none

access to dn.subtree="ou=people,o=SOGo Users,dc=johannesgemeinde-berlin,dc=de"
    by dn.one="cn=SOGo Admin,ou=people,dc=johannesgemeinde-berlin,dc=de" write
    by self write
    by anonymous auth
    by * none

access to dn.subtree=dc=johannesgemeinde-berlin,dc=de
    by dn.one="cn=System Administrator-admin,ou=people,dc=johannesgemeinde-berlin,dc=de" manage
    by dn.one="cn=admin,dc=johannesgemeinde-berlin,dc=de" manage
    by self write
    by anonymous auth
    by * none

But in the log I get no access rights for "cn=SOGo Admin,ou=people,dc=johannesgemeinde-berlin,dc=de":

May 10 18:03:03 dgrace slapd[29172]: daemon: activity on 1 descriptor 
May 10 18:03:03 dgrace slapd[29172]: daemon: activity on: 
May 10 18:03:03 dgrace slapd[29172]: 
May 10 18:03:03 dgrace slapd[29172]: slap_listener_activate(8): 
May 10 18:03:03 dgrace slapd[29172]: daemon: epoll: listen=8 busy 
May 10 18:03:03 dgrace slapd[29172]: >>> slap_listener(ldap://127.0.0.1:389/) 
May 10 18:03:03 dgrace slapd[29172]: daemon: activity on 1 descriptor 
May 10 18:03:03 dgrace slapd[29172]: daemon: activity on: 
May 10 18:03:03 dgrace slapd[29172]: 
May 10 18:03:03 dgrace slapd[29172]: daemon: epoll: listen=8 active_threads=0 tvp=zero 
May 10 18:03:03 dgrace slapd[29172]: daemon: listen=8, new connection on 11 
May 10 18:03:03 dgrace slapd[29172]: daemon: added 11r (active) listener=(nil) 
May 10 18:03:03 dgrace slapd[29172]: daemon: activity on 1 descriptor 
May 10 18:03:03 dgrace slapd[29172]: daemon: activity on: 
May 10 18:03:03 dgrace slapd[29172]: 
May 10 18:03:03 dgrace slapd[29172]: daemon: epoll: listen=8 active_threads=0 tvp=zero 
May 10 18:03:03 dgrace slapd[29172]: conn=1001 fd=11 ACCEPT from IP=127.0.0.1:57860 (IP=127.0.0.1:389) 
May 10 18:03:03 dgrace slapd[29172]: daemon: activity on 1 descriptor 
May 10 18:03:03 dgrace slapd[29172]: daemon: activity on: 
May 10 18:03:03 dgrace slapd[29172]: 11r 
May 10 18:03:03 dgrace slapd[29172]: 
May 10 18:03:03 dgrace slapd[29172]: daemon: read active on 11 
May 10 18:03:03 dgrace slapd[29172]: daemon: epoll: listen=8 active_threads=0 tvp=zero 
May 10 18:03:03 dgrace slapd[29172]: connection_get(11) 
May 10 18:03:03 dgrace slapd[29172]: connection_get(11): got connid=1001 
May 10 18:03:03 dgrace slapd[29172]: connection_read(11): checking for input on id=1001 
May 10 18:03:03 dgrace slapd[29172]: op tag 0x60, time 1462896183 
May 10 18:03:03 dgrace slapd[29172]: daemon: activity on 1 descriptor 
May 10 18:03:03 dgrace slapd[29172]: daemon: activity on: 
May 10 18:03:03 dgrace slapd[29172]: 
May 10 18:03:03 dgrace slapd[29172]: daemon: epoll: listen=8 active_threads=0 tvp=zero 
May 10 18:03:03 dgrace slapd[29172]: conn=1001 op=0 do_bind 
May 10 18:03:03 dgrace slapd[29172]: >>> dnPrettyNormal: <cn=SOGo Admin,ou=people,dc=johannesgemeinde-berlin,dc=de> 
May 10 18:03:03 dgrace slapd[29172]: <<< dnPrettyNormal: <cn=SOGo Admin,ou=people,dc=johannesgemeinde-berlin,dc=de>, <cn=sogo admin,ou=people,dc=johannesgemeinde-berlin,dc=de> 
May 10 18:03:03 dgrace slapd[29172]: conn=1001 op=0 BIND dn="cn=SOGo Admin,ou=people,dc=johannesgemeinde-berlin,dc=de" method=128 
May 10 18:03:03 dgrace slapd[29172]: do_bind: version=3 dn="cn=SOGo Admin,ou=people,dc=johannesgemeinde-berlin,dc=de" method=128 
May 10 18:03:03 dgrace slapd[29172]: ==> bdb_bind: dn: cn=SOGo Admin,ou=people,dc=johannesgemeinde-berlin,dc=de 
May 10 18:03:03 dgrace slapd[29172]: bdb_dn2entry("cn=sogo admin,ou=people,dc=johannesgemeinde-berlin,dc=de") 
May 10 18:03:03 dgrace slapd[29172]: => access_allowed: result not in cache (userPassword) 
May 10 18:03:03 dgrace slapd[29172]: => access_allowed: auth access to "cn=SOGo Admin,ou=people,dc=johannesgemeinde-berlin,dc=de" "userPassword" requested 
May 10 18:03:03 dgrace slapd[29172]: => acl_get: [1] attr userPassword 
May 10 18:03:03 dgrace slapd[29172]: => acl_mask: access to entry "cn=SOGo Admin,ou=people,dc=johannesgemeinde-berlin,dc=de", attr "userPassword" requested 
May 10 18:03:03 dgrace slapd[29172]: => acl_mask: to value by "", (=0) 
May 10 18:03:03 dgrace slapd[29172]: <= check a_dn_pat: cn=dovecot server,ou=people,dc=johannesgemeinde-berlin,dc=de 
May 10 18:03:03 dgrace slapd[29172]: <= check a_dn_pat: cn=sogo admin,ou=people,dc=johannesgemeinde-berlin,dc=de 
May 10 18:03:03 dgrace slapd[29172]: <= check a_dn_pat: self 
May 10 18:03:03 dgrace slapd[29172]: <= check a_dn_pat: anonymous 
May 10 18:03:03 dgrace slapd[29172]: <= acl_mask: [4] applying auth(=xd) (stop) 
May 10 18:03:03 dgrace slapd[29172]: <= acl_mask: [4] mask: auth(=xd) 
May 10 18:03:03 dgrace slapd[29172]: => slap_access_allowed: auth access granted by auth(=xd) 
May 10 18:03:03 dgrace slapd[29172]: => access_allowed: auth access granted by auth(=xd) 
May 10 18:03:03 dgrace slapd[29172]: conn=1001 op=0 BIND dn="cn=SOGo Admin,ou=people,dc=johannesgemeinde-berlin,dc=de" mech=SIMPLE ssf=0 
May 10 18:03:03 dgrace slapd[29172]: do_bind: v3 bind: "cn=SOGo Admin,ou=people,dc=johannesgemeinde-berlin,dc=de" to "cn=SOGo Admin,ou=people,dc=johannesgemeinde-berlin,dc=de" 
May 10 18:03:03 dgrace slapd[29172]: send_ldap_result: conn=1001 op=0 p=3 
May 10 18:03:03 dgrace slapd[29172]: send_ldap_result: err=0 matched="" text="" 
May 10 18:03:03 dgrace slapd[29172]: send_ldap_response: msgid=1 tag=97 err=0 
May 10 18:03:03 dgrace slapd[29172]: conn=1001 op=0 RESULT tag=97 err=0 text= 
May 10 18:03:03 dgrace slapd[29172]: daemon: activity on 1 descriptor 
May 10 18:03:03 dgrace slapd[29172]: daemon: activity on: 
May 10 18:03:03 dgrace slapd[29172]: 11r 
May 10 18:03:03 dgrace slapd[29172]: 
May 10 18:03:03 dgrace slapd[29172]: daemon: read active on 11 
May 10 18:03:03 dgrace slapd[29172]: daemon: epoll: listen=8 active_threads=0 tvp=zero 
May 10 18:03:03 dgrace slapd[29172]: connection_get(11) 
May 10 18:03:03 dgrace slapd[29172]: connection_get(11): got connid=1001 
May 10 18:03:03 dgrace slapd[29172]: connection_read(11): checking for input on id=1001 
May 10 18:03:03 dgrace slapd[29172]: op tag 0x63, time 1462896183 
May 10 18:03:03 dgrace slapd[29172]: daemon: activity on 1 descriptor 
May 10 18:03:03 dgrace slapd[29172]: daemon: activity on: 
May 10 18:03:03 dgrace slapd[29172]: 
May 10 18:03:03 dgrace slapd[29172]: daemon: epoll: listen=8 active_threads=0 tvp=zero 
May 10 18:03:03 dgrace slapd[29172]: conn=1001 op=1 do_search 
May 10 18:03:03 dgrace slapd[29172]: >>> dnPrettyNormal: <ou=people,o=sogo users,dc=johannesgemeinde-berlin,dc=de> 
May 10 18:03:03 dgrace slapd[29172]: <<< dnPrettyNormal: <ou=people,o=sogo users,dc=johannesgemeinde-berlin,dc=de>, <ou=people,o=sogo users,dc=johannesgemeinde-berlin,dc=de> 
May 10 18:03:03 dgrace slapd[29172]: SRCH "ou=people,o=sogo users,dc=johannesgemeinde-berlin,dc=de" 2 0 
May 10 18:03:03 dgrace slapd[29172]:  0 0 0 
May 10 18:03:03 dgrace slapd[29172]: begin get_filter 
May 10 18:03:03 dgrace slapd[29172]: OR 
May 10 18:03:03 dgrace slapd[29172]: begin get_filter_list 
May 10 18:03:03 dgrace slapd[29172]: begin get_filter 
May 10 18:03:03 dgrace slapd[29172]: EQUALITY 
May 10 18:03:03 dgrace slapd[29172]: end get_filter 0 
May 10 18:03:03 dgrace slapd[29172]: begin get_filter 
May 10 18:03:03 dgrace slapd[29172]: EQUALITY 
May 10 18:03:03 dgrace slapd[29172]: end get_filter 0 
May 10 18:03:03 dgrace slapd[29172]: end get_filter_list 
May 10 18:03:03 dgrace slapd[29172]: end get_filter 0 
May 10 18:03:03 dgrace slapd[29172]:  filter: (|(uid=caladmin)(mail=caladmin)) 
May 10 18:03:03 dgrace slapd[29172]:  attrs: 
May 10 18:03:03 dgrace slapd[29172]: dn 
May 10 18:03:03 dgrace slapd[29172]: 
May 10 18:03:03 dgrace slapd[29172]: conn=1001 op=1 SRCH base="ou=people,o=sogo users,dc=johannesgemeinde-berlin,dc=de" scope=2 deref=0 filter="(|(uid=caladmin)(mail=caladmin))" 
May 10 18:03:03 dgrace slapd[29172]: conn=1001 op=1 SRCH attr=dn 
May 10 18:03:03 dgrace slapd[29172]: ==> limits_get: conn=1001 op=1 self="cn=sogo admin,ou=people,dc=johannesgemeinde-berlin,dc=de" this="ou=people,o=sogo users,dc=johannesgemeinde-berlin,dc=de" 
May 10 18:03:03 dgrace slapd[29172]: => bdb_search 
May 10 18:03:03 dgrace slapd[29172]: bdb_dn2entry("ou=people,o=sogo users,dc=johannesgemeinde-berlin,dc=de") 
May 10 18:03:03 dgrace slapd[29172]: => access_allowed: search access to "ou=people,o=SOGo Users,dc=johannesgemeinde-berlin,dc=de" "entry" requested 
May 10 18:03:03 dgrace slapd[29172]: => dn: [3] ou=people,o=sogo users,dc=johannesgemeinde-berlin,dc=de 
May 10 18:03:03 dgrace slapd[29172]: => acl_get: [3] matched 
May 10 18:03:03 dgrace slapd[29172]: => acl_get: [3] attr entry 
May 10 18:03:03 dgrace slapd[29172]: => acl_mask: access to entry "ou=people,o=SOGo Users,dc=johannesgemeinde-berlin,dc=de", attr "entry" requested 
May 10 18:03:03 dgrace slapd[29172]: => acl_mask: to all values by "cn=sogo admin,ou=people,dc=johannesgemeinde-berlin,dc=de", (=0) 
May 10 18:03:03 dgrace slapd[29172]: <= check a_dn_pat: cn=sogo admin,ou=people,dc=johannesgemeinde-berlin,dc=de 
May 10 18:03:03 dgrace slapd[29172]: <= check a_dn_pat: self 
May 10 18:03:03 dgrace slapd[29172]: <= check a_dn_pat: anonymous 
May 10 18:03:03 dgrace slapd[29172]: <= check a_dn_pat: * 
May 10 18:03:03 dgrace slapd[29172]: <= acl_mask: [4] applying none(=0) (stop) 
May 10 18:03:03 dgrace slapd[29172]: <= acl_mask: [4] mask: none(=0) 
May 10 18:03:03 dgrace slapd[29172]: => slap_access_allowed: search access denied by none(=0) 
May 10 18:03:03 dgrace slapd[29172]: => access_allowed: no more rules 
May 10 18:03:03 dgrace slapd[29172]: send_ldap_result: conn=1001 op=1 p=3 
May 10 18:03:03 dgrace slapd[29172]: send_ldap_result: err=32 matched="" text="" 
May 10 18:03:03 dgrace slapd[29172]: send_ldap_response: msgid=2 tag=101 err=32 
May 10 18:03:03 dgrace slapd[29172]: conn=1001 op=1 SEARCH RESULT tag=101 err=32 nentries=0 text= 
May 10 18:03:03 dgrace slapd[29172]: daemon: activity on 1 descriptor 
May 10 18:03:03 dgrace slapd[29172]: daemon: activity on: 
May 10 18:03:03 dgrace slapd[29172]: 11r 
May 10 18:03:03 dgrace slapd[29172]: 
May 10 18:03:03 dgrace slapd[29172]: daemon: read active on 11 
May 10 18:03:03 dgrace slapd[29172]: daemon: epoll: listen=8 active_threads=0 tvp=zero 
May 10 18:03:03 dgrace slapd[29172]: connection_get(11) 
May 10 18:03:03 dgrace slapd[29172]: connection_get(11): got connid=1001 
May 10 18:03:03 dgrace slapd[29172]: connection_read(11): checking for input on id=1001 
May 10 18:03:03 dgrace slapd[29172]: op tag 0x42, time 1462896183 
May 10 18:03:03 dgrace slapd[29172]: ber_get_next on fd 11 failed errno=0 (Success) 
May 10 18:03:03 dgrace slapd[29172]: connection_read(11): input error=-2 id=1001, closing. 
May 10 18:03:03 dgrace slapd[29172]: connection_closing: readying conn=1001 sd=11 for close 
May 10 18:03:03 dgrace slapd[29172]: daemon: activity on 1 descriptor 
May 10 18:03:03 dgrace slapd[29172]: daemon: activity on: 
May 10 18:03:03 dgrace slapd[29172]: 
May 10 18:03:03 dgrace slapd[29172]: daemon: epoll: listen=8 active_threads=0 tvp=zero 
May 10 18:03:03 dgrace slapd[29172]: connection_close: deferring conn=1001 sd=11 
May 10 18:03:03 dgrace slapd[29172]: conn=1001 op=2 do_unbind 
May 10 18:03:03 dgrace slapd[29172]: conn=1001 op=2 UNBIND 
May 10 18:03:03 dgrace slapd[29172]: connection_resched: attempting closing conn=1001 sd=11 
May 10 18:03:03 dgrace slapd[29172]: connection_close: conn=1001 sd=11 
May 10 18:03:03 dgrace slapd[29172]: daemon: removing 11 
May 10 18:03:03 dgrace slapd[29172]: conn=1001 fd=11 closed 

Why do I not get the write permission from the third access rule?

Answer

1

Did you bind for all users by using -D "userdn" and adding -w $usersecret?

+0

Yes, but I had to use dn.base instead of dn.one in the access rights definitions. Now it works. – bibodo
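
The difference the comment above describes, as an added example that is not part of the original thread: a simplified Python model of how slapd matches the `by` clauses of the third access rule, using the scope-style meanings from slapd.access(5) (`dn.base` matches only the named entry, `dn.one` only its immediate children). The function names and the naive comma-split DN parsing are assumptions of this sketch, not OpenLDAP code.

```python
# Added example: simplified model of slapd <who> clause matching.
# DN parsing is naive (no escaped commas); sufficient for the DNs on this page.

SUFFIX = "dc=johannesgemeinde-berlin,dc=de"
SOGO_ADMIN = "cn=SOGo Admin,ou=people," + SUFFIX
TARGET = "ou=people,o=SOGo Users," + SUFFIX   # search base from the log


def rdns(dn):
    """Normalize a DN into a tuple of lowercased RDNs."""
    return tuple(p.strip().lower() for p in dn.split(",") if p.strip())


def dn_matches(style, pattern, dn):
    """Scope styles: base/exact, one, children, subtree."""
    pat, cand = rdns(pattern), rdns(dn)
    below = len(cand) - len(pat)            # levels below the pattern DN
    if below < 0 or cand[below:] != pat:
        return False                        # neither the pattern nor under it
    return {"base": below == 0, "exact": below == 0,
            "one": below == 1,              # immediate children only
            "children": below >= 1,         # descendants, not the entry itself
            "subtree": True}[style]         # the entry and all descendants


def evaluate(who_clauses, bind_dn, target_dn):
    """Return (clause number, access) of the first matching <who> clause."""
    for number, (who, access) in enumerate(who_clauses, start=1):
        if who == "*":
            hit = True
        elif who == "anonymous":
            hit = bind_dn is None
        elif who == "self":
            hit = bind_dn is not None and rdns(bind_dn) == rdns(target_dn)
        else:                               # (scope style, pattern DN)
            style, pattern = who
            hit = bind_dn is not None and dn_matches(style, pattern, bind_dn)
        if hit:
            return number, access           # default control is "stop"
    return None, "none"                     # implicit trailing "by * none"


def third_rule(style):
    """The page's third access rule with a chosen scope style for SOGo Admin."""
    return [((style, SOGO_ADMIN), "write"), ("self", "write"),
            ("anonymous", "auth"), ("*", "none")]


if __name__ == "__main__":
    for style in ("one", "base"):
        print("dn." + style, evaluate(third_rule(style), SOGO_ADMIN, TARGET))
```

With `dn.one` the bind DN falls through to clause 4 (`by * none`), which is the `[4] applying none(=0)` line in the log; with `dn.base` clause 1 grants write.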
