[turba] Feature Request

Derek J. Balling dredd@megacity.org
Sat, 17 Aug 2002 17:57:48 -0400


> When making a modification using turba I get the following on success 
> (err=0):
>
> Aug 17 13:47:33 EnContacto slapd[66713]: conn=7 op=3 MOD \
>     dn="mail=eculp@insourcery.com,ou=people,o=worldinternet.org"
> Aug 17 13:47:33 EnContacto slapd[66713]: conn=7 op=3 RESULT tag=103 
> err=0 text=
> Aug 17 13:47:33 EnContacto slapd[66713]: conn=7 op=4 UNBIND

OK, I think we're getting close... I see something different:

Aug 17 16:47:09 ldap slapd[31762]: conn=4 op=2 SEARCH RESULT tag=101 
err=0 text=
Aug 17 16:47:09 ldap slapd[31761]: conn=4 op=3 MOD 
dn="uid=dballing,ou=People,dc=byramhealthcare,dc=com"
Aug 17 16:47:09 ldap slapd[31761]: => access_allowed: write access to 
"uid=dballing,ou=People,dc=byramhealthcare,dc=com" "cn" requested
Aug 17 16:47:09 ldap slapd[31761]: => acl_get: [1] check attr cn
Aug 17 16:47:09 ldap slapd[31761]: => acl_get: [2] check attr cn
Aug 17 16:47:09 ldap slapd[31761]: => acl_get: [3] check attr cn
Aug 17 16:47:09 ldap slapd[31761]: => acl_get: [4] check attr cn
Aug 17 16:47:09 ldap slapd[31761]: <= acl_get: [4] acl 
uid=dballing,ou=People,dc=byramhealthcare,dc=com attr: cn
Aug 17 16:47:09 ldap slapd[31761]: => acl_mask: access to entry 
"uid=dballing,ou=People,dc=byramhealthcare,dc=com", attr "cn" requested
Aug 17 16:47:09 ldap slapd[31761]: => acl_mask: to all values by 
"UID=DBALLING,OU=PEOPLE,DC=BYRAMHEALTHCARE,DC=COM", (=n)
Aug 17 16:47:09 ldap slapd[31761]: <= check a_dn_pat: 
cn=admin,dc=byramhealthcare,dc=com
Aug 17 16:47:09 ldap slapd[31761]: <= check a_dn_pat: *
Aug 17 16:47:09 ldap slapd[31761]: <= acl_mask: [2] applying read 
(=rscx) (stop)
Aug 17 16:47:09 ldap slapd[31761]: <= acl_mask: [2] mask: read (=rscx)


It's important to note that I can fire up ldapexplorer, bind as myself, 
and tinker with the phone and fax entries at will, so the problem must 
be somewhere in turba. It SEEMS like Turba is wanting write privs on the 
cn (the first attribute), not the attribute it is trying to change.

I notice when I do it via ldapexplorer I get things like:


Aug 17 16:53:05 ldap slapd[31761]: => acl_mask: access to entry 
"uid=dballing,ou=People,dc=byramhealthcare,dc=com", attr 
"telephoneNumber"
requested
Aug 17 16:53:05 ldap slapd[31761]: => acl_mask: to value by 
"UID=DBALLING,OU=PEOPLE,DC=BYRAMHEALTHCARE,DC=COM", (=n)
Aug 17 16:53:05 ldap slapd[31761]: <= check a_dn_pat: 
cn=admin,dc=byramhealthcare,dc=com Aug 17 16:53:05 ldap slapd[31761]: <= 
check a_dn_pat: anonymous
Aug 17 16:53:05 ldap slapd[31761]: <= check a_dn_pat: self
Aug 17 16:53:05 ldap slapd[31761]: <= acl_mask: [3] applying write 
(=wrscx) (stop)
Aug 17 16:53:05 ldap slapd[31761]: <= acl_mask: [3] mask: write (=wrscx)
Aug 17 16:53:05 ldap slapd[31761]: => access_allowed: read access 
granted by write (=wrscx)
Aug 17 16:53:05 ldap slapd[31761]: conn=11 op=1 SEARCH RESULT tag=101 
err=0 text=
Aug 17 16:53:05 ldap slapd[31762]: conn=11 op=2 MOD 
dn="uid=dballing,ou=People,dc=byramhealthcare,dc=com"
Aug 17 16:53:05 ldap slapd[31762]: => access_allowed: write access to 
"uid=dballing,ou=People,dc=byramhealthcare,dc=com" "telephoneNumber"
requested

... so it seems like the problem is from the way Turba is trying to 
modify every entity instead of just the ones that changed? Two points:

	1.) It should cycle over all the entries, even if one change fails, 
because it may have different privileges on other fields,
	2.) It should actually report failure instead of just silently 
ignoring the error it's getting from LDAP.

thoughts?

D