Re: [webmin-l] LDAP Server module - possible bug

[Craig W. <cra...@az...>]

On Sat, 2011-06-11 at 15:05 -0700, Jamie Cameron wrote:
> On 11/Jun/2011 04:47 Craig White <cra...@az...> wrote ..
> > On Fri, 2011-06-10 at 22:44 -0700, Jamie Cameron wrote:
> > > On 10/Jun/2011 20:59 Craig White <cra...@az...> wrote ..
> > > > Seems as though it is having a problem parsing one of my ACL's
> > > > 
> > > > The output (dynamic is butt ugly)
> > > > olcAccess: {3}to
> > > > dn.regex="^ou=AddressBook,uid=([^,]+),ou=People,dc=azapple,dc
> > > >  =com$$"       attrs=children,entry,inetOrgPerson,organizationalPerson
> > > > b
> > > >  y dn="cn=admin,dc=azapple,dc=com" write       by dn.exact,expand="uid=
> > > > $1,ou=P
> > > >  eople,dc=azapple,dc=com" write       by
> > > > dn.exact="uid=Administrator,ou=People
> > > >  ,dc=azapple,dc=com" write       by anonymous auth       by * none
> > > > 
> > > > and webmin's view is parsing it incorrectly...
> > > > 
> > > > http://www.lightsonthenet.com/Craig/screenshot1.png
> > > > 
> > > > You can see what Webmin parses it as - the 3rd ACL
> > > 
> > > Hi Craig,
> > > 
> > > Are those lines above from your LDAP config file? I'd be interested
> > > to see what is actually in the underlying config file, which should tell
> > > me how Webmin is getting it wrong ..
> > ----
> > the lines above were from the #3 ACL in the DSA itself (output from an
> > ldapsearch command - the same line that parsed wrong by webmin). This is
> > how it looked before I added it (a clean look but the same info):
> > 
> > olcAccess: to dn.regex="^uid=([^,]+)ou=People,$base_dsa$$"
> >         by dn="cn=admin,$base_dsa" write
> >         by self read
> >         by dn.exact="uid=Administrator,ou=People,$base_dsa" write
> >         by anonymous auth
> >         by * none
> > 
> > It's the same as above but much more readable.
> 
> Ok, thanks .. that explains it now. The problem is that Webmin isn't
> parsing multi-line directives properly, causing corruption. I will fix
> this in the next release, but the work-around till then is to manually
> combine that until a single line like :
> 
> olcAccess: to dn.regex="^uid=([^,]+)ou=People,$base_dsa$$" by dn="cn=admin,$base_dsa" write by self read by dn.exact="uid=Administrator,ou=People,$base_dsa" write by anonymous auth by * none
----
Thanks - just thought I would report on the anomaly so you had a chance
to review... it obviously isn't a showstopper at all.

that makes sense but I keep them multi-line because it's easy for me to
read them and make sense from them whereas the single line I lose sight
of the details. Interestingly enough, all 11 of my ACL's were multi-line
but this was the only one that Webmin didn't parse correctly. To be
honest, I never really looked at my ACL's via Webmin before this but I
also always previously used the flat-file LDAP configuration.

I can't say that I am a fan of the dynamic backend (Ubuntu) but I have
pretty much given up on CentOS and the dynamic backend is what I get
from Ubuntu without completely reconfiguring it and so I have pretty
much scripted an LDAP setup. In fact, if you are interested in the
scripted steps which are mostly (but not completely) a turnkey install
of a fresh minimal setup for Ubuntu 10.04 (not tested with any other
release) dynamic setup, I can send them to you. Perhaps there's a way
you can use them with Webmin. Intent is for LDAP w/ Samba integration.

Craig


-- 
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.