Hi list, This might be a trivial problem and I¹m really hoping I have just overlooked something rather silly that somebody else can spot. I am experimenting with external ACL tags at present and have configured the following acl line-up in my conf. Comments above each line to get an understanding of what I am trying to achieve. # Force a situation where the helper is called http_access deny password !tag_user # Defined a matching tag acl tag_group_blackwhite_b tag tag_group_blackwhite_b # Allow access if the tag is defined http_access allow password tag_group_blackwhite_b Okay, so I should be allowing a user access based on them authenticating and the tag_group_blackwhite_b tag being set. My problem is that when trying this approach, I am seeing the following result. 2010/07/05 10:58:13.930| externalAclLookup: lookup in 'tag_user' for 'user@xxxxxxxx http://foo.com/' 2010/07/05 10:58:13.930| aclmatchAclList: async=1 nodeMatched=0 async_in_progress=1 lastACLResult() = 0 finished() = 0 2010/07/05 10:58:13.931| commio_finish_callback: called for FD 17 (0, 0) 2010/07/05 10:58:13.931| comm_read_try: FD 17, size 8191, retval 30, errno 0 2010/07/05 10:58:13.931| commio_finish_callback: called for FD 17 (0, 0) 2010/07/05 10:58:13.931| helperHandleRead: end of reply found 2010/07/05 10:58:13.931| externalAclHandleReply: reply="OK tag=tag_group_blackwhite_b" 2010/07/05 10:58:13.932| external_acl_cache_add: Adding 'user@xxxxxxxx http://foo.com/' = 1 2010/07/05 10:58:13.932| ACLChecklist::asyncInProgress: 0xc98ef8 async set to 0 2010/07/05 10:58:13.932| ACLChecklist::preCheck: 0xc98ef8 checking 'http_access deny password !tag_user' 2010/07/05 10:58:13.932| ACLList::matches: checking password 2010/07/05 10:58:13.932| ACL::checklistMatches: checking 'password' 2010/07/05 10:58:13.932| ACL::ChecklistMatches: result for 'password' is 1 2010/07/05 10:58:13.932| ACLList::matches: checking !tag_user 2010/07/05 10:58:13.932| ACL::checklistMatches: checking 'tag_user' 2010/07/05 10:58:13.932| aclMatchExternal: tag_user check user authenticated. 2010/07/05 10:58:13.932| aclMatchExternal: tag_user user is authenticated. 2010/07/05 10:58:13.932| aclMatchExternal: tag_user = 1 2010/07/05 10:58:13.932| ACL::ChecklistMatches: result for 'tag_user' is 1 2010/07/05 10:58:13.932| aclmatchAclList: 0xc98ef8 returning false (AND list entry failed to match) 2010/07/05 10:58:13.932| aclmatchAclList: async=0 nodeMatched=0 async_in_progress=0 lastACLResult() = 0 finished() = 0 2010/07/05 10:58:13.932| ACLChecklist::preCheck: 0xc98ef8 checking 'http_access deny password tag_user_black' 2010/07/05 10:58:13.932| ACLList::matches: checking password 2010/07/05 10:58:13.932| ACL::checklistMatches: checking 'password' 2010/07/05 10:58:13.932| ACL::ChecklistMatches: result for 'password' is 1 2010/07/05 10:58:13.932| ACLList::matches: checking tag_user_black 2010/07/05 10:58:13.932| ACL::checklistMatches: checking 'tag_user_black' 2010/07/05 10:58:13.932| aclMatchStringList: checking 'tag_group_blackwhite_b' 2010/07/05 10:58:13.932| aclMatchStringList: 'tag_group_blackwhite_b' NOT found 2010/07/05 10:58:13.932| ACL::ChecklistMatches: result for 'tag_user_black' is 0 2010/07/05 10:58:13.932| aclmatchAclList: 0xc98ef8 returning false (AND list entry failed to match) 2010/07/05 10:58:13.932| aclmatchAclList: async=0 nodeMatched=0 async_in_progress=0 lastACLResult() = 0 finished() = 0 The interesting lines are externalAclHandleReply: reply="OK tag=tag_group_blackwhite_b" which, if my understaning is correct, should have defined tag_group_blackwhite_b. and... aclMatchStringList: 'tag_group_blackwhite_b' NOT found ACL::ChecklistMatches: result for 'tag_user_black' is 0 Which is now telling me that the tag was not set. Calling tag_user in the http_access line would clear this up but shouldn¹t the tag be present from the moment it is defined throughout the request? I am trying to use this as a way to prevent lookups to the helper as much as possible. example: http_access allow password tag_user tag_group_blackwhite_b Sorry if this is rather a silly question. Scott This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. Please notify the sender immediately by email if you have received this email by mistake and delete this email from your system. Please note that any views or opinions presented in this email are solely those of the author and do not necessarily represent those of the organisation. Finally, the recipient should check this email and any attachments for the presence of viruses. The organisation accepts no liability for any damage caused by any virus transmitted by this email.
