Package: slapd
Version: 2.3.30-4
Severity: important

I test the latest egroupware trunk on Etch. When I apply the suggested acl_addressbook.conf to slapd.conf slapd segfaults (as do slapadd and possibly other slapd-tools)

$ slapd -g openldap -u openldap -d 16383
[...]
line 21 (access to dn.regex="cn=([^,]+),ou=personal,ou=contacts,o=([^,]+),dc=iww-test,dc=local$" attrs=entry,@inetOrgPerson,@mozillaAbPersonAlpha,@evolutionPerson by dn.regex="uid=$1,ou=accounts,o=$2,dc=iww-test,dc=local" write by users none)
Segmentation fault

I use Etch with linux-image-2.6.18-3-686 2.6.18-7 and libc6 2.3.6.ds1-11.

IMHO slapd shouldn't crash like this, no matter how ill-configured the ACLs may be.

My slapd.conf:

allow bind_v2
include /etc/ldap/schema/core.schema
include /etc/ldap/schema/cosine.schema
include /etc/ldap/schema/rfc2307bis.schema
include /etc/ldap/schema/inetorgperson.schema
pidfile /var/run/slapd/slapd.pid
argsfile /var/run/slapd/slapd.args
loglevel 0
modulepath /usr/lib/ldap
moduleload back_bdb
sizelimit 500
tool-threads 1
backend bdb
checkpoint 512 30
database bdb
suffix "dc=iww-test,dc=local"
rootdn "cn=admin,dc=iww-test,dc=local"
rootpw {MD5}verysecrethash
directory "/var/lib/ldap"
dbconfig set_cachesize 0 2097152 0
dbconfig set_lk_max_objects 1500
dbconfig set_lk_max_locks 1500
dbconfig set_lk_max_lockers 1500
password-hash {MD5}
index default eq
index objectClass eq
index uidNumber pres,eq
lastmod on
access to attrs=userPassword,shadowLastChange
        by dn="cn=admin,dc=iww-test,dc=local" write
        by anonymous auth
        by self write
        by * none
include /etc/ldap/acl_addressbook.conf
access to dn.base=""
        by * read
access to *
        by dn="cn=admin,dc=iww-test,dc=local" write
        by * read

The content of acl_addressbook.conf is:

# Access to users personal addressbooks
# allow read of addressbook by owner and egwadmin account
access to dn.regex="^cn=([^,]+),ou=personal,ou=contacts,o=([^,]+),dc=iww-test,dc=local$" attrs=entry
        by dn.regex="uid=$1,ou=accounts,o=$2,dc=iww-test,dc=local" read
        by dn.regex="cn=egwadmin,o=$2,dc=iww-test,dc=local" write
        by users none
# allow user to create entries in own addressbook; no-one else can access it
# needs write access to the entries ENTRY attribute ...
access to dn.regex="cn=([^,]+),ou=personal,ou=contacts,o=([^,]+),dc=iww-test,dc=local$" attrs=children
        by dn.regex="uid=$1,ou=accounts,o=$2,dc=iww-test,dc=local" write
        by users none
# ... and the entries CHILDREN
access to dn.regex="cn=([^,]+),ou=personal,ou=contacts,o=([^,]+),dc=iww-test,dc=local$" attrs=entry,@inetOrgPerson,@mozillaAbPersonAlpha,@evolutionPerson
        by dn.regex="uid=$1,ou=accounts,o=$2,dc=iww-test,dc=local" write
        by users none

# Access to groups addressbooks
# allow read of addressbook by members and egwadmin account
access to dn.regex="^cn=([^,]+),ou=shared,ou=contacts,o=([^,]+),dc=iww-test,dc=local$" attrs=entry
        by group.expand="cn=$1,ou=groups,o=$2,dc=iww-test,dc=local" read
        by dn.regex="cn=egwadmin,o=$2,dc=iww-test,dc=local" write
        by users none
# allow members to create entries in their group addressbooks; no-one else can access it
# needs write access to the entries ENTRY attribute ...
access to dn.regex="cn=([^,]+),ou=shared,ou=contacts,o=([^,]+),dc=iww-test,dc=local$" attrs=children
        by group.expand="cn=$1,ou=groups,o=$2,dc=iww-test,dc=local" write
        by users none
# ... and the entries CHILDREN
access to dn.regex="cn=([^,]+),ou=shared,ou=contacts,o=([^,]+),dc=iww-test,dc=local$" attrs=entry,@inetOrgPerson,@mozillaAbPersonAlpha,@evolutionPerson
        by group.expand="cn=$1,ou=groups,o=$2,dc=iww-test,dc=local" write
        by users none